CVE-2023-26083
published 2023-04-06CVE-2023-26083: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from…
PriorityP274low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-04-28
Exploited in the wild
EPSS
1.42%
69.4th percentile
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r43p0 | r43p0 |
| arm | bifrost_gpu_kernel_driver | >= r0p0 < r43p0 | r43p0 |
| arm | midgard_gpu_kernel_driver | r6p0 – r32p0 | — |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r43p0 | r43p0 |
| android | — | — | |
| chrome_chrome | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability affects Arm Mali GPU Kernel Driver (Midgard, Bifrost, Valhall, Avalon families); detection should focus on non-privileged processes making anomalous GPU processing operations that may expose kernel metadata ↗
- →Android Security Bulletin classifies this as a Mali component vulnerability (A-272073598); patch status can be verified against the 2023-07-01 Android Security Bulletin ↗
- →CVE-2023-26083 is listed in CISA KEV, indicating confirmed in-the-wild exploitation; prioritize detection and patching on Android/ChromeOS devices using affected Arm Mali GPUs ↗
- →ChromeOS LTS channel was patched in April 2023 in relation to this CVE; monitor ChromeOS device fleet for unpatched LTS builds ↗
- ·Affected driver version ranges are broad; Midgard r6p0–r32p0, Bifrost r0p0–r42p0, Valhall r19p0–r42p0, Avalon r41p0–r42p0 are all vulnerable. Ensure version identification covers all four GPU families before concluding a device is unaffected. ↗
- ·The Android Security Bulletin entry is marked with an asterisk (*) on the reference A-272073598, which typically indicates the patch is not publicly available via AOSP; patching depends on OEM/vendor driver updates rather than standard AOSP patch application. ↗
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vulncheck3.3LOW
cisa3.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
Analyzing a Modern In-the-wild Android Exploit - Project Zero
project_zero·2023-09-01·CVSS 7.8
CVE-2022-22706 [HIGH] Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project Zero
## Introduction
In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access.
Notably, several of the previous stages of the exploit chain used n-day vulnerabilities:
-
CVE-2022-4262, a 0-day vulnerability in Chrome was exploited in the Samsung browser to achieve RCE.
-
CVE-2022-3038, a Chrome n-day that unpatched in the Samsung
GHSA
GHSA-xfv3-jp8h-q7v6: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all version
ghsa_unreviewed·2023-04-06
CVE-2023-26083 [MEDIUM] CWE-401 GHSA-xfv3-jp8h-q7v6: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all version
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
VulnCheck
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
vulncheck·2023·CVSS 3.3
CVE-2023-26083 [LOW] CWE-401 Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Affected: Arm Mali Graphics Processing Unit (GPU)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://googleprojectzero.blogspot.com/2
Android
CVE-2023-26083: Mali
vendor_android·2023-07-01·CVSS 3.3
CVE-2023-26083 [LOW] CVE-2023-26083: Mali
Android Security Bulletin 2023-07-01
CVE: CVE-2023-26083
Severity: MEDIUM
Component: Mali
References: A-272073598*
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-26083
vendor_chrome·2023-04-27·CVSS 3.3
CVE-2023-26083 [LOW] Long Term Support Channel Update for ChromeOS: CVE-2023-26083
Long Term Support Channel Update for ChromeOS
CVE-2023-26083
CISA
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
cisa·2023-04-07·CVSS 3.3
CVE-2023-26083 [LOW] CWE-401 Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Vulnerability: Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Affected: Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Required Action: Apply updates per vendor instructions.
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-26083
Remediation Due Date: 2023-04-28
No detection rules found.
No public exploits indexed.
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttps://www.cybersecurity-help.cz/vdb/SB2023033049https://www.cybersecurity-help.cz/vulnerabilities/74210/https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttps://www.cybersecurity-help.cz/vdb/SB2023033049https://www.cybersecurity-help.cz/vulnerabilities/74210/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083
2023-04-06
Published
2023-04-07
Added to CISA KEV
Exploited in the wild