Overview
- Description
- A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
- Source
- arm-security@arm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Known exploits
Data from CISA
- Vulnerability name
- Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
- Exploit added on
- Oct 3, 2023
- Exploit action due
- Oct 24, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D525477-F5C3-459A-B5D6-3B1C75B0069B",
"versionEndIncluding": "r42p0",
"versionStartIncluding": "r41p0"
},
{
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF8078F2-C783-47EC-9C28-6DA97ECEFEEA",
"versionEndIncluding": "r42p0",
"versionStartIncluding": "r0p0"
},
{
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "888E7E35-B0F4-453F-8B51-B2929E504C25",
"versionEndIncluding": "r32p0",
"versionStartIncluding": "r12p0"
},
{
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4071968-E656-4D71-AF92-EA3C551C5FF4",
"versionEndIncluding": "r42p0",
"versionStartIncluding": "r19p0"
}
],
"operator": "OR"
}
]
}
]