CVE-2023-28469Use After Free in ARM Avalon GPU Kernel Driver

CWE-416Use After Free3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 63.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ARM Avalon GPU Kernel DriverARM Valhall GPU Kernel DriverGoogle Android
Timeline
PublishedJun 2
Latest updateNov 1

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDarm/valhall_gpu_kernel_driverr29p0r43p0
NVDarm/avalon_gpu_kernel_driverr41p0r43p0

🔴Vulnerability Details

1
GHSA
GHSA-xmp7-hhpr-wjgh: An issue was discovered in the Arm Mali GPU Kernel Driver2023-06-02

📋Vendor Advisories

1
Android
CVE-2023-28469: Mali2023-11-01