- Description
- A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
- Source
- arm-security@arm.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
- Exploit added on
- Oct 3, 2023
- Exploit action due
- Oct 24, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "574A1E71-2B1E-48D4-AA93-974B4E34C64F",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r41p0"
},
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7205027-9AE7-4095-B0A7-B1ECA71ACCAE",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r0p0"
},
{
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16C78155-83B1-429D-9985-0327AD153FC6",
"versionEndIncluding": "r32p0",
"versionStartIncluding": "r12p0"
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BF4620-6A5C-4034-8D17-BC1AC5F8C711",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r19p0"
}
],
"operator": "OR"
}
]
}
]