Researchers at Google’s Project Zero began discovering vulnerabilities related to the Mali GPU driver in June, 2022, collectively tracked as CVE-2022-33917 and CVE-2022-36449. The first CVE allows non-privileged users to abuse GPU processing operations to access freed memory spaces, impacting Arm Mali GPU kernel drivers Valhall r29p0 to r38p0. The second CVE would allow a non-privileged user to manipulate freed memory to discover memory mapping details, impacting Arm Mali GPU kernel drivers Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
The vulnerabilities are rated as medium severity, but affect a wide range of Android devices. These devices include: