3.3
CVE-2023-26083
- EPSS 0.36%
- Veröffentlicht 06.04.2023 16:15:07
- Zuletzt bearbeitet 30.07.2025 19:26:43
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arm ≫ 5th Gen Gpu Architecture Kernel Driver Version >= r41p0 < r43p0
Arm ≫ Bifrost Gpu Kernel Driver Version >= r0p0 < r43p0
Arm ≫ Midgard Gpu Kernel Driver Version >= r6p0 <= r32p0
Arm ≫ Valhall Gpu Kernel Driver Version >= r19p0 < r43p0
07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
SchwachstelleArm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.572 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.