CVE-2023-33200
published 2023-10-03CVE-2023-33200: A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by…
PriorityP418medium4.7CVSS 3.1
AVLACHPRLUINSUCNINAH
EPSS
0.29%
20.9th percentile
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | >= r17p0 < r44p1 | r44p1 |
| arm | mali_gpu_kernel_driver | >= r41p0 < r44p1 | r44p1 |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r44p1 | r44p1 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r44p1 | r44p1 |
| arm_ltd | bifrost_gpu_kernel_driver | >= r17p0 < r44p1 | r44p1 |
| arm_ltd | valhall_gpu_kernel_driver | >= r19p0 < r44p1 | r44p1 |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-33200: Mali
vendor_android·2023-10-01·CVSS 4.7
CVE-2023-33200 [MEDIUM] CVE-2023-33200: Mali
Android Security Bulletin 2023-10-01
CVE: CVE-2023-33200
Severity: HIGH
Component: Mali
References: A-287627703
*
GHSA
GHSA-vhhr-5xx2-jq68: A local non-privileged user can make improper GPU processing operations to exploit a software race condition
ghsa_unreviewed·2023-10-03
CVE-2023-33200 [MEDIUM] CWE-416 GHSA-vhhr-5xx2-jq68: A local non-privileged user can make improper GPU processing operations to exploit a software race condition
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
No detection rules found.
No public exploits indexed.
2023-10-03
Published