CVE-2023-4211

Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations

CVSS 5.5 MEDIUMEPSS 1.4%● KEVCWE-416

In short

A local user can access memory that was already freed on a Mali GPU, potentially exposing sensitive data or causing system instability. This happens because the GPU driver doesn't properly manage memory cleanup.

Technical detail

A use-after-free vulnerability (CWE-416) in the Mali GPU kernel driver allows a local unprivileged attacker to perform improper GPU memory operations and access freed memory. No special privileges are required; the attack vector is local and exploits insufficient memory state management in the GPU driver, potentially leading to information disclosure or denial of service.

Summary generated and translated by AI from the official description.

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Arm Ltd · Arm 5th Gen GPU Architecture Kernel Driver Arm Ltd · Bifrost GPU Kernel Driver Arm Ltd · Midgard GPU Kernel Driver Arm Ltd · Valhall GPU Kernel Driver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211