SB2023040438 - Multiple vulnerabilities in ARM Mali GPU kernel drivers
Published: April 4, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2022-46394)
The vulnerability allows a local application to escalate privileges on the system.
2) Use-after-free (CVE-ID: CVE-2022-46395)
The vulnerability allows a local application to escalate privileges on the system.
3) Out-of-bounds read (CVE-ID: CVE-2022-46781)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2023-22808)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2022-46396)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2022-46781
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2023-22808
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2022-46396