CVE-2023-5249 Mali GPU Kernel Driver allows improper GPU memory processing operations

2024-02-0510:01:18

CWE-416

Arm

github.com

cve-2023-5249

mali gpu

kernel driver

use after free

arm ltd

bifrost

valhall

local user

improper memory processing

software race condition

memory preparation

vulnerability

exploit

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

JSON

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bifrost GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r41p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r40p0",
        "status": "affected",
        "version": "r35p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r41p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r40p0",
        "status": "affected",
        "version": "r35p0",
        "versionType": "patch"
      }
    ]
  }
]