CVE-2022-34830

Published: Nov 23, 2022Modified: Apr 28, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.

Affected (2)

Products: Arm: Utgard Gpu Kernel Driver

Arm

1 product

Utgard Gpu Kernel Driver

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arm Utgard Gpu Kernel Driver	Version r11p0
Arm Utgard Gpu Kernel Driver	Version r12p0

Related CWEs

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (4)

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Source: cve@mitre.org

Vendor Advisory

https://developer.arm.com/support/arm-security-updates

Source: cve@mitre.org

Vendor Advisory

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://developer.arm.com/support/arm-security-updates

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.