CVE-2023-28147Missing Release of Resource after Effective Lifetime in ARM Avalon GPU Kernel Driver

CWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 63.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ARM Avalon GPU Kernel DriverARM Bifrost GPU Kernel DriverARM Valhall GPU Kernel Driver+2 more
Timeline
PublishedJun 2
Latest updateSep 15

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDarm/bifrost_gpu_kernel_driverr17p0r43p0
NVDarm/valhall_gpu_kernel_driverr19p0r43p0
NVDarm/midgard_gpu_kernel_driverr29p0r32p0
NVDarm/avalon_gpu_kernel_driverr41p0r43p0

🔴Vulnerability Details

1
GHSA
GHSA-38mh-jrc4-gqqf: An issue was discovered in the Arm Mali GPU Kernel Driver2023-06-02

📋Vendor Advisories

2
Red Hat
kernel: watchdog: Fix kmemleak in watchdog_cdev_register2025-09-15
Android
CVE-2023-28147: Mali2023-07-01