CVE-2023-4295 – Mali GPU Kernel Driver allows improper GPU memory processing operations
https://notcve.org/view.php?id=CVE-2023-4295
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. Un usuario local sin privilegios puede realizar operaciones inadecuadas de procesamiento de la memoria de la GPU para obtener acceso a la memoria ya liberada. Arm Mali CSF has a refcount overflow bugfix in r43p0 that was misclassified as a memory leak fix. • http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVE-2023-4272 – Mali GPU Kernel Driver exposes sensitive data from freed memory
https://notcve.org/view.php?id=CVE-2023-4272
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU que expongan datos confidenciales de la memoria previamente liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1251: Mirrored Regions with Different Values •
CVE-2023-34970 – Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://notcve.org/view.php?id=CVE-2023-34970
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para acceder a una cantidad acotada fuera de los límites del búfer o para explotar una condición de ejecución del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podría darle acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2023-33200 – Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://notcve.org/view.php?id=CVE-2023-33200
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para aprovechar una condición de carrera del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podría darle acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •