3.3
CVE-2023-26083
- EPSS 1.42%
- Veröffentlicht 06.04.2023 16:15:07
- Zuletzt bearbeitet 03.11.2025 18:14:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arm ≫ 5th Gen Gpu Architecture Kernel Driver Version >= r41p0 < r43p0
Arm ≫ Bifrost Gpu Kernel Driver Version >= r0p0 < r43p0
Arm ≫ Midgard Gpu Kernel Driver Version >= r6p0 <= r32p0
Arm ≫ Valhall Gpu Kernel Driver Version >= r19p0 < r43p0
07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
SchwachstelleArm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.42% | 0.693 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://www.cybersecurity-help.cz/vdb/SB2023033049
https://www.cybersecurity-help.cz/vulnerabilities/74210/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083