CVE-2022-46781

Vulnerability

This vulnerability affects the Arm Mali GPU Kernel Driver in the Valhall GPU family from r29p0 through r41p0 and the Avalon GPU family from r41p0 before r42p0. A non-privileged user can craft specific GPU memory operations that result in a limited out-of-bounds buffer access. The issue resides in the driver's handling of GPU memory processing operations, where insufficient bounds checking allows improper memory access within the kernel address space. [1]

Exploitation

To exploit this vulnerability, an attacker requires only non-privileged user access on a system with an affected Mali GPU driver. No additional authentication or special permissions are needed beyond what a standard user possesses. The attacker performs improper GPU memory processing operations that trigger the out-of-bounds read or write. The reference [1] indicates that this is a user-accessible flaw, meaning that steps can be executed from user space without kernel-level privileges.

Impact

Successful exploitation allows the attacker to access a limited amount of memory outside the intended buffer bounds. This out-of-bounds access can lead to information disclosure or potentially memory corruption within the kernel context. The scope is limited to adjacent memory regions, but could be used to leak sensitive kernel data or disrupt system stability. Combined with other vulnerabilities, this may facilitate privilege escalation or denial of service. [1]

Mitigation

Arm has addressed this vulnerability in the r42p0 release for Valhall and Avalon GPU kernel drivers. Users are urged to update to the latest driver version from their device or system vendor. The Arm Security Center advisory provides guidance on identifying affected versions and applying the patch. No workaround is documented; applying the fixed driver is the recommended course. [1]