CVE-2023-4272
Mali GPU Kernel Driver exposes sensitive data from freed memory
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.
Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU que expongan datos confidenciales de la memoria previamente liberada.
*Credits:
Jann Horn at Google
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-09 CVE Reserved
- 2023-11-07 CVE Published
- 2023-11-15 EPSS Updated
- 2024-09-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-1251: Mirrored Regions with Different Values
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities | 2023-11-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arm Search vendor "Arm" | Bifrost Gpu Kernel Driver Search vendor "Arm" for product "Bifrost Gpu Kernel Driver" | >= r0p0 <= r41p0 Search vendor "Arm" for product "Bifrost Gpu Kernel Driver" and version " >= r0p0 <= r41p0" | - |
Affected
| ||||||
| Arm Search vendor "Arm" | Mali Gpu Kernel Driver Search vendor "Arm" for product "Mali Gpu Kernel Driver" | r41p0 Search vendor "Arm" for product "Mali Gpu Kernel Driver" and version "r41p0" | - |
Affected
| ||||||
| Arm Search vendor "Arm" | Midgard Gpu Kernel Driver Search vendor "Arm" for product "Midgard Gpu Kernel Driver" | >= r8p0 <= r32p0 Search vendor "Arm" for product "Midgard Gpu Kernel Driver" and version " >= r8p0 <= r32p0" | - |
Affected
| ||||||
| Arm Search vendor "Arm" | Valhall Gpu Kernel Driver Search vendor "Arm" for product "Valhall Gpu Kernel Driver" | >= r19p0 <= r41p0 Search vendor "Arm" for product "Valhall Gpu Kernel Driver" and version " >= r19p0 <= r41p0" | - |
Affected
| ||||||