Lucene search

K
cvelistArmCVELIST:CVE-2023-3889
HistoryNov 07, 2023 - 3:28 p.m.

CVE-2023-3889 Mali GPU Kernel Driver exposes sensitive data from freed memory

2023-11-0715:28:43
CWE-667
CWE-119
Arm
www.cve.org
1
cve-2023-3889
mali gpu
kernel driver
sensitive data
freed memory
local user
improper operations
gpu memory
non-privileged user

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r44p1",
            "status": "unaffected"
          },
          {
            "at": "r45p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r44p0",
        "status": "affected",
        "version": "r38p0",
        "versionType": "patch"
      }
    ]
  }
]

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

Related for CVELIST:CVE-2023-3889