CVE-2023-44216
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión transparente por software que permite ataques de robo de píxeles de origen cruzado contra feTurbulence y feBlend en la especificación del filtro SVG, también conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisión el texto contenido en una página web de un origen si controlan un recurso de un origen diferente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-26 CVE Reserved
- 2023-09-26 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-08-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack | Media Coverage | |
| https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level | Media Coverage | |
| https://blog.imaginationtech.com/reducing-bandwidth-pvric | Media Coverage | |
| https://github.com/UT-Security/gpu-zip | Third Party Advisory | |
| https://news.ycombinator.com/item?id=37663159 | Issue Tracking | |
| https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack | Media Coverage | |
| https://www.hertzbleed.com/gpu.zip | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf | 2024-08-02 | |
| https://www.w3.org/TR/filter-effects-1 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| in | Amd Search vendor "Amd" | Ryzen 7 4800u Search vendor "Amd" for product "Ryzen 7 4800u" | - | - |
Affected
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| in | Intel Search vendor "Intel" | Core I7-10510u Search vendor "Intel" for product "Core I7-10510u" | - | - |
Affected
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| in | Intel Search vendor "Intel" | Core I7-12700k Search vendor "Intel" for product "Core I7-12700k" | - | - |
Affected
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| in | Intel Search vendor "Intel" | Core I7-8700 Search vendor "Intel" for product "Core I7-8700" | - | - |
Affected
|
| Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | professional |
Affected
| in | Intel Search vendor "Intel" | Core I7-10610u Search vendor "Intel" for product "Core I7-10610u" | - | - |
Affected
|
| Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | home |
Affected
| in | Intel Search vendor "Intel" | Core I7-11800h Search vendor "Intel" for product "Core I7-11800h" | - | - |
Affected
|
| Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | home |
Affected
| in | Nvidia Search vendor "Nvidia" | Geforce Rtx 3060 Search vendor "Nvidia" for product "Geforce Rtx 3060" | - | - |
Affected
|
| Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | pro |
Affected
| in | Amd Search vendor "Amd" | Ryzen 5 7600x Search vendor "Amd" for product "Ryzen 5 7600x" | - | - |
Affected
|
| Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | pro |
Affected
| in | Nvidia Search vendor "Nvidia" | Geforce Rtx 2080 Super Search vendor "Nvidia" for product "Geforce Rtx 2080 Super" | - | - |
Affected
|
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | 13.1 Search vendor "Apple" for product "Macos" and version "13.1" | - |
Affected
| in | Apple Search vendor "Apple" | M1 Mac Mini Search vendor "Apple" for product "M1 Mac Mini" | - | - |
Affected
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 13.0 Search vendor "Google" for product "Android" and version "13.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 6 Search vendor "Google" for product "Pixel 6" | - | - |
Affected
|