← back
CVE-2023-26083

CVE-2023-26083

CVSS 3.3 LOWEPSS 1.4%● KEVCWE-401
In short

A memory leak in Mali GPU drivers allows unprivileged users to access sensitive kernel information through normal GPU operations. This could expose data that should remain private, though the severity is low.

Technical detail

Memory leak vulnerability affecting multiple Mali GPU kernel driver families (Midgard, Bifrost, Valhall, Avalon) enables non-privileged users to retrieve sensitive kernel metadata via valid GPU processing operations. The vulnerability stems from improper memory management (CWE-401) across specified version ranges, allowing information disclosure with local access requirements.

Summary generated and translated by AI from the official description.
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/Noverisp3/CVE-2023-260830
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083https://www.cybersecurity-help.cz/vdb/SB2023033049https://www.cybersecurity-help.cz/vulnerabilities/74210/