CVE-2023-4295

Published Nov 7, 2023

Last updated a month ago

CVSS high 7.8

Overview

Description: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Source: arm-security@arm.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

arm-security@arm.com: CWE-190
nvd@nist.gov: CWE-190

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arm:mali_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7423B409-4A0A-4D77-9F72-542269614417",
            "versionEndExcluding": "r43p0",
            "versionStartIncluding": "r41p0"
          },
          {
            "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4D95BF7-BF77-4B50-8B65-420ACCB62781",
            "versionEndIncluding": "r42p0",
            "versionStartIncluding": "r29p0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References