3.3

CVE-2023-26083

Warnung
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arm5th Gen Gpu Architecture Kernel Driver Version >= r41p0 < r43p0
ArmBifrost Gpu Kernel Driver Version >= r0p0 < r43p0
ArmMidgard Gpu Kernel Driver Version >= r6p0 <= r32p0
ArmValhall Gpu Kernel Driver Version >= r19p0 < r43p0

07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Arm Mali GPU Kernel Driver Information Disclosure Vulnerability

Schwachstelle

Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.693
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Vendor Advisory
https://www.cybersecurity-help.cz/vdb/SB2023033049
Third Party Advisory
https://www.cybersecurity-help.cz/vulnerabilities/74210/
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083
US Government Resource