CVE-2023-26083

3.3LOW

Key Information

Vendor: Arm
Status: Midgard; Bifrost Gpu Kernel Driver; Valhall Gpu Kernel Driver; Avalon Gpu Kernel Driver
Vendor: CVE Published:; 6 April 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-26083 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

News Articles

Google Project Zero

CVE-2023-0266CVE-2023-26083

Analyzing a Modern In-the-wild Android Exploit

By Seth Jenkins, Project ZeroIntroductionIn December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting...

9 months ago

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Google Project Zero
Mar 12, 2024
👾
Exploit exists.
Apr 7, 2023
Vulnerability published.
Apr 6, 2023
Vulnerability Reserved.
Feb 20, 2023

Collectors

NVD DatabaseMitre DatabaseCISA Database1 News Article(s)