Mali GPU Userspace Driver can make an Out-of-Bounds access
CVE-2023-32804

7.8HIGH

Key Information:

Vendor: Arm Ltd
Status: Midgard Gpu Userspace Driver; Bifrost Gpu Userspace Driver; Valhall Gpu Userspace Driver; Arm 5th Gen Gpu Architecture Userspace Driver
Vendor: CVE Published:; 4 December 2023

Summary

An out-of-bounds write vulnerability exists within the Arm Ltd GPU Userspace Drivers, including the Midgard, Bifrost, Valhall, and 5th Gen GPU Architecture Drivers. This flaw allows a local, non-privileged user to write data to a limited amount of memory not allocated by the drivers, potentially leading to system instability or unauthorized access to sensitive information. The affected versions range from r0p0 to r32p0 for Midgard, r0p0 to r44p0 for Bifrost, r19p0 to r44p0 for Valhall, and r41p0 to r44p0 for the 5th Gen GPU Architecture. Organizations utilizing these drivers should ensure they are aware of this issue and assess their exposure.

Affected Version(s)

Arm 5th Gen GPU Architecture Userspace Driver r41p0

Bifrost GPU Userspace Driver r0p0

Midgard GPU Userspace Driver r0p0

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
May 15, 2023