CVE-2023-5249

2024-02-0510:15:08

CWE-416

[email protected]

web.nvd.nist.gov

arm ltd

bifrost gpu

valhall gpu

use after free

vulnerability

kernel driver

local user

software race condition

memory processing operations

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.

Affected configurations

Nvd

Node

armbifrost_gpu_kernel_driverRanger35p0–r40p0

armvalhall_gpu_kernel_driverRanger35p0–r40p0

VendorProductVersionCPE
armbifrost_gpu_kernel_driver*cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	bifrost_gpu_kernel_driver	*	cpe:2.3:a:arm:bifrost_gpu_kernel_driver::::::::
arm	valhall_gpu_kernel_driver	*	cpe:2.3:a:arm:valhall_gpu_kernel_driver::::::::