About CVE-2022-46394 – know a little bit about it (9th Mar 2023)

Preface: The Android Neural Networks API (NNAPI) is an Android C API designed for running computationally intensive operations for machine learning on Android devices. NNAPI is designed to provide a base layer of functionality for higher-level machine learning frameworks, such as TensorFlow Lite and Caffe2, that build and train neural networks. The API is available on all Android devices running Android 8.1 (API level 27) or higher.

Background: The Android and Linux versions of the Mali GPU device driver provide low-level access to the Mali GPUs that are part of the Valhall family. What is the Mali driver? This driver enables support for Mali Bifrost and Midgard GPUs in Android NNAPI. The files are provided under an MIT software license.
The Android Neural Networks API (NNAPI) is an Android C API designed for performing computationally intensive machine learning tasks on Android devices. Pickle is a useful Python tool that lets you save your ML models to minimize lengthy re-training, and to share, commit, and re-load pre-trained machine learning models.
Furthermore, Midgard architecture Mali GPUs are typically used in a mobile or embedded environment to accelerate 2D graphics, 3D graphics, and computations.

Vulnerability details: CVE-2022-46394 – An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. The vulnerability is identified as CVE-2022-46394 and requires local access to exploit. Please refer to the URL for details: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Observation: A shared pointer makes it almost impossible to track the owner of objects. If that is the case here, it gives an attacker a way to gain access to already freed memory.
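
The ownership problem in the Observation above, shown as a defensive pattern in an added example (not Arm's driver code, and not a reconstruction of CVE-2022-46394, whose root cause this page does not give): each holder of a shared object takes its own counted reference, so a release by one holder cannot leave another with a pointer to freed memory. `struct region`, `region_get`, `region_put` and the handle/job scenario are hypothetical names constructed for illustration.

```c
#include <stdlib.h>

/* Hypothetical shared object, e.g. a memory region used by several holders. */
struct region {
    int refs;            /* live holders; kernel code would use an atomic refcount_t/kref */
    unsigned long pages;
    int *free_count;     /* demo hook: incremented when the region is actually freed */
};

static struct region *region_create(unsigned long pages, int *free_count) {
    struct region *r = calloc(1, sizeof(*r));
    if (!r) return NULL;
    r->refs = 1;         /* the creator is the first owner */
    r->pages = pages;
    r->free_count = free_count;
    return r;
}

/* Every additional holder takes its own reference before keeping the pointer. */
static struct region *region_get(struct region *r) {
    if (r) r->refs++;
    return r;
}

/* Drop one reference. Only the last holder frees. Returns 1 if memory was freed. */
static int region_put(struct region *r) {
    if (!r) return 0;
    if (--r->refs > 0) return 0;
    (*r->free_count)++;
    free(r);
    return 1;
}

/* Constructed scenario: a handle-table slot and an in-flight job share one region. */
static int demo(void) {
    int freed = 0;
    struct region *slot = region_create(4, &freed);
    if (!slot) return -1;
    struct region *job = region_get(slot);   /* the job pins the region */
    int a = region_put(slot); slot = NULL;   /* handle released while job is running */
    unsigned long pages = job->pages;        /* still valid: job holds a reference */
    int b = region_put(job); job = NULL;     /* job done: last reference frees */
    return (a == 0 && b == 1 && freed == 1 && pages == 4) ? 0 : 1;
}

int main(void) { return demo(); }
```

With the `region_get` call omitted, the first `region_put` would free the object while the job still held its pointer, which is the ownership gap the Observation describes.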

Impact: This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
