CVE-2023-32804

EPSS 0.2%
Published 04.12.2023 12:15:07
Last modified 21.11.2024 08:04:03
Source arm-security@arm.com
Teams watchlist Login
Open Login

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Arm ≫ 5th Gen Gpu Architecture Kernel Driver Version >= r41p0 <= r44p0

Arm ≫ Bifrost Gpu Kernel Driver Version >= r0p0 <= r44p0

Arm ≫ Midgard Gpu Kernel Driver Version >= r0p0 <= r32p0

Arm ≫ Valhall Gpu Kernel Driver Version >= r19p0 <= r44p0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.426

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32804

EUVD