Mali GPU Kernel Driver exposes sensitive data from freed memory
CVE-2023-4272
5.5MEDIUM
Key Information:
- Vendor
- Arm Ltd
- Status
- Midgard Gpu Kernel Driver
- Bifrost Gpu Kernel Driver
- Valhall Gpu Kernel Driver
- Arm 5th Gen Gpu Architecture Kernel Driver
- Vendor
- CVE Published:
- 7 November 2023
Summary
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.
Affected Version(s)
Arm 5th Gen GPU Architecture Kernel Driver r41p0
Bifrost GPU Kernel Driver r0p0
Midgard GPU Kernel Driver r8p0
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jann Horn at Google