Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-22706: Arm Security Updates | Mali GPU Driver Vulnerabilities – Arm Developer

An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.

CVE
#vulnerability#apple

Sorry, your browser is not supported. We recommend upgrading your browser. We have done our best to make all the documentation and resources available on old versions of Internet Explorer, but vector image support and the layout may not be optimal. Technical documentation is available as a PDF Download.

Title

Mali GPU Kernel Driver may elevate CPU RO pages to writable

CVE

CVE-2022-22706

Date of issue

6th January 2022

Affects

Midgard GPU Kernel Driver: All versions from r26p0 – r31p0
Bifrost GPU Kernel Driver: All versions from r0p0 – r35p0
Valhall GPU Kernel Driver: All versions from r19p0 – r35p0

Impact

A non-privileged user can get a write access to read-only memory pages.

Resolution

This issue is fixed in Bifrost and Valhall GPU Kernel Driver r36p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.

Credit

n/a

Title

Mali GPU Kernel Driver elevates CPU RO pages to writable

CVE

CVE-2021-44828

Date of issue

11th December 2021

Affects

Midgard GPU Kernel Driver: All versions from r26p0 – r30p0
Bifrost GPU Kernel Driver: All versions from r0p0 – r34p0
Valhall GPU Kernel Driver: All versions from r19p0 - r34p0

Impact

A non-privileged user can get a write access to read-only memory, and may be able to gain root privilege, corrupt memory and modify the memory of other processes.

Resolution

This issue is fixed in Bifrost and Valhall GPU Kernel Driver r35p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.

Credit

n/a

Title

Mali GPU Kernel Driver allows improper operations on GPU memory

CVE

CVE-2021-28663

Date of issue

18th March 2021

Affects

Midgard GPU Kernel Driver: All versions from r4p0 – r30p0
Bifrost GPU Kernel Driver: All versions from r0p0 – r28p0
Valhall GPU Kernel Driver: All versions from r19p0 - r28p0

Impact

A non-privileged user can make improper operations on GPU memory to enter into a use-after-free scenario and may be able to gain root privilege, and/or disclose information.

Resolution

This issue is fixed in Bifrost and Valhall GPU Kernel Driver r29p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.

Credit

n/a

Title

Mali GPU Kernel Driver elevates CPU RO pages to writable

CVE

CVE-2021-28664

Date of issue

18th March 2021

Affects

Midgard GPU Kernel Driver: All versions from r8p0 – r30p0
Bifrost GPU Kernel Driver: All versions from r0p0 – r28p0
Valhall GPU Kernel Driver: All versions from r19p0 - r28p0

Impact

A non-privileged user can get a write access to read-only memory, and may be able to gain root privilege, corrupt memory and modify the memory of other processes.

Resolution

This issue is fixed in Bifrost and Valhall GPU Kernel Driver r29p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.

Credit

n/a

Title

Mali GPU Kernel Driver allows improper operations on GPU memory

CVE

CVE-2021-29256

Date of issue

26th March 2021

Affects

Midgard GPU Kernel Driver: All versions from r28p0 – r30p0
Bifrost GPU Kernel Driver: All versions from r16p0 – r29p0
Valhall GPU Kernel Driver: All versions from r19p0 - r29p0

Impact

A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information.

Resolution

This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.

Credit

Thanks to Brice Berna, of the Apple Media Products RedTeam for reporting this vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907