Memory Access Vulnerability in Arm Android Gralloc Module Affecting Multiple GPU Products
CVE-2023-22808

3.3LOW

Key Information:

Vendor: Arm
Status: Bifrost Android Gralloc Module; Valhall Android Gralloc Module; Avalon Android Gralloc Module
Vendor: CVE Published:; 11 April 2023

Summary

A vulnerability has been identified in the Arm Android Gralloc Module that allows non-privileged users to retrieve a limited segment of memory allocated by the process. This issue impacts the Bifrost, Valhall, and Avalon GPU families across various versions up to but not including their respective r42p0 releases. This could potentially expose sensitive data, underscoring the need for timely updates and robust security measures for users relying on these graphical processing units.

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Jan 6, 2023