⚠ Actively exploited
Added to CISA KEV on 2023-04-07. Federal agencies required to patch by 2023-04-28. Required action: Apply updates per vendor instructions..
CVE-2023-26083 — Missing Release of Memory after Effective Lifetime in ARM 5TH GEN GPU Architecture Kernel Driver
Severity
3.3LOWNVD
EPSS
5.2%
top 10.03%
CISA KEV
KEV
Added 2023-04-07
Due 2023-04-28
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedApr 6
KEV addedApr 7
KEV dueApr 28
Latest updateJul 10
CISA Required Action: Apply updates per vendor instructions.
Description
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4
Affected Packages6 packages
🔴Vulnerability Details
3GHSA▶
GHSA-xfv3-jp8h-q7v6: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all version↗2023-04-06
📋Vendor Advisories
3📄Research Papers
1arXiv▶
Vulnerability Management Chaining: An Integrated Framework for Efficient Cybersecurity Risk Prioritization↗2025-07-10