AttackerKBAKB:B1B3C381-E143-4582-B3D8-738A5539ED43CVE-2023-4211
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.213 Low
EPSS
Percentile
96.4%
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/
chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html
chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4211
developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
source.android.com/docs/security/bulletin/pixel/2023-09-01
www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.213 Low
EPSS
Percentile
96.4%