CVE-2023-26083

Published Apr 6, 2023

Last updated 20 days ago

Exploit known CVSS low 3.3

Overview

Description: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.3
Impact score: 1.4
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Known exploits

Data from CISA

Vulnerability name: Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Exploit added on: Apr 7, 2023
Exploit action due: Apr 28, 2023
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

🚨 New Module Alert! 🚨 We've just added an in-depth module on CVE-2023-26083 in our Offensive Mobile Reversing & Exploitation and Offensive Android Internals On-demand courses. 🔍 Explore: - The basics of the Mali GPU driver - How timeline streams work - How kernel pointers
@8kSec
18 Feb 2025
1640 Impressions
6 Retweets
33 Likes
20 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arm:avalon_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16AC01AB-58F9-4F1F-AC20-9439589365ED",
            "versionEndExcluding": "r43p0",
            "versionStartIncluding": "r41p0"
          },
          {
            "criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7205027-9AE7-4095-B0A7-B1ECA71ACCAE",
            "versionEndExcluding": "r43p0",
            "versionStartIncluding": "r0p0"
          },
          {
            "criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD1423A-4F6C-4A25-8D64-07AEB3ED4104",
            "versionEndIncluding": "r32p0",
            "versionStartIncluding": "r6p0"
          },
          {
            "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BF4620-6A5C-4034-8D17-BC1AC5F8C711",
            "versionEndExcluding": "r43p0",
            "versionStartIncluding": "r19p0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

References