CVE-2023-6143 Mali GPU Kernel Driver allows improper GPU memory processing operations

2024-03-0409:54:23

CWE-416

Arm

www.cve.org

cve-2023-6143; mali gpu; kernel driver; arm ltd; use after free; vulnerability; memory processing operations; exploit; software race condition; local user; non-privileged; race condition; memory preparation; heavy load; use-after-free; midgard gpu; bifrost gpu; valhall gpu; 5th gen gpu architecture; r13p0; r32p0; r1p0; r18p0; r37p0; r46p0; r41p0

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Midgard GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "lessThanOrEqual": "r32p0",
        "status": "affected",
        "version": "r13p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Bifrost GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r19p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r18p0",
        "status": "affected",
        "version": "r1p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r47p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r46p0",
        "status": "affected",
        "version": "r37p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Arm 5th Gen GPU Architecture Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r47p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r46p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  }
]

References

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities