CVE-2022-28350

9.8 CRITICAL

📋 TL;DR

This vulnerability in Arm Mali GPU Kernel Driver allows attackers to trigger a use-after-free condition through improper GPU operations, potentially leading to arbitrary code execution with kernel privileges. It affects devices using Arm Mali GPU drivers from Valhall r29p0 through r36p0. This impacts Android devices, embedded systems, and other devices using these GPU drivers.

💻 Affected Systems

Products:
  • Arm Mali GPU Kernel Driver
Versions: Valhall r29p0 through r36p0
Operating Systems: Android, Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Mali GPU hardware using vulnerable driver versions. Requires local access or malicious app execution.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level code execution, allowing complete device control, data theft, and persistence.

🟠 Likely Case

Local privilege escalation to kernel level, enabling bypass of security controls and installation of malware.

🟢 If Mitigated

Limited impact if proper sandboxing and SELinux/AppArmor policies restrict GPU access.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: r37p0 and later

Vendor Advisory: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Restart Required: Yes

Instructions:

1. Check current Mali driver version.
2. Update to r37p0 or later from device manufacturer.
3. Reboot device.
4. Verify update applied successfully.

🔧 Temporary Workarounds

Restrict GPU access

linux

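Use SELinux/AppArmor policies to restrict GPU driver access to trusted applications only.

# Configure SELinux policy so that only trusted domains can open the Mali device node
# Example (mali_device_t is a placeholder type name; this command only takes the type
# out of permissive mode so that existing rules are enforced, it adds no new rules):
# semanage permissive -d mali_device_t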

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application whitelisting to prevent malicious app execution

🔍 How to Verify

Check if Vulnerable:

Check Mali driver version: cat /sys/kernel/debug/mali0/version or check device specifications from manufacturer.

Check Version:

cat /sys/kernel/debug/mali0/version 2>/dev/null || dmesg | grep -i mali

Verify Fix Applied:

Verify driver version shows r37p0 or later after update.
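
The version check above can be scripted. The following is an added example, not part of the advisory or of Arm's tooling: the function names are hypothetical, the sample lines are constructed, and it assumes the driver reports its release as an `rNNpM` token. It applies only the range stated on this page (r29p0 through r36p0 affected, r37p0 and later fixed) and cannot tell from the token whether the GPU is a Valhall part.

```shell
#!/bin/sh
# Added example: classify a Mali driver release string against the
# CVE-2022-28350 range given on this page. Names below are hypothetical.

# Print the first rNNpM token found in the text (version file or dmesg line).
mali_release() {
    printf '%s\n' "$1" | grep -oE 'r[0-9]+p[0-9]+' | head -n 1
}

# Print one of: vulnerable | fixed | below-range | unknown
mali_cve_2022_28350_status() {
    rel=$(mali_release "$1")
    [ -n "$rel" ] || { echo unknown; return; }
    major=${rel#r}          # drop the leading "r"
    major=${major%%p*}      # drop "pM" and anything after it
    if [ "$major" -ge 37 ]; then
        echo fixed          # r37p0 and later carry the fix
    elif [ "$major" -ge 29 ]; then
        echo vulnerable     # r29p0 through r36p0
    else
        echo below-range    # older than the range this page lists
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Same sources as the "Check Version" command on this page.
    ver=$(cat /sys/kernel/debug/mali0/version 2>/dev/null || dmesg | grep -i mali)
    mali_cve_2022_28350_status "$ver"
else
    # Constructed sample inputs (assumed format, not captured from a device).
    for sample in \
        'mali 2d000000.gpu: Kernel DDK version r32p0-01eac0' \
        'r36p0' \
        'r37p0-01eac0' \
        'r26p0' \
        'mali: probe failed'
    do
        printf '%-55s %s\n' "$sample" "$(mali_cve_2022_28350_status "$sample")"
    done
fi
```

Run it with `--live` on the device; an `unknown` result means no release token was readable, which is not evidence that the driver is patched.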

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • GPU driver crash messages
  • SELinux/AppArmor denials for mali device access

Network Indicators:

  • Unusual outbound connections from device after local compromise

SIEM Query:

source="kernel" AND ("mali" OR "GPU") AND ("panic" OR "crash" OR "use-after-free")
