Main Vulnerability Database Exploits ID:9168 - Exploit for Use-after-free in ARM products - CVE-2022-38181

ID:9168 - Exploit for Use-after-free in ARM products - CVE-2022-38181

Published: July 3, 2023

Vulnerability identifier: #VU74191

Vulnerability risk: High

CVE-ID: CVE-2022-38181

CWE-ID: CWE-416

Exploitation vector: Local access

Vulnerable software:
Midgard GPU Kernel Driver
Bifrost GPU Kernel Driver
Valhall GPU Kernel Driver

Link to public exploit:

https://github.com/Pro-me3us/CVE_2022_38181_Gazelle

Vulnerability description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, this vulnerability is known to be exploited in targeted attacks spotted in November 2022.

Remediation

Install updates from vendor's website.

ID:9168 - Exploit for Use-after-free in ARM products - CVE-2022-38181

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human