CVE-2023-4211
published 2023-10-01

CVE-2023-4211: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Priority: P278
Severity: medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
CISA Known Exploited Vulnerability (due 2023-10-24)
Exploited in the wild
EPSS: 1.36% (68.3th percentile)

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r43p0 | r43p0 |
| arm | bifrost_gpu_kernel_driver | >= r0p0 < r43p0 | r43p0 |
| arm | midgard_gpu_kernel_driver | r12p0 – r32p0 | |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r43p0 | r43p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r42p0 | |
| arm_ltd | bifrost_gpu_kernel_driver | r0p0 – r42p0 | |
| arm_ltd | midgard_gpu_kernel_driver | r12p0 – r32p0 | |
| arm_ltd | valhall_gpu_kernel_driver | r19p0 – r42p0 | |
| cakephp | cakephp | >= 4.2.0 < 4.2.12 | 4.2.12 |
| cakephp | cakephp | >= 4.3.0 < 4.3.11 | 4.3.11 |
| cakephp | cakephp | >= 4.4.0 < 4.4.10 | 4.4.10 |
| cakephp | database | >= 4.2.0 < 4.2.12 | 4.2.12 |
| cakephp | database | >= 4.3.0 < 4.3.11 | 4.3.11 |
| cakephp | database | >= 4.4.0 < 4.4.10 | 4.4.10 |
| google | android | | |
| google | chrome_chrome | | |

Detection & IOCs (extracted from sources)

  • CVE-2023-4211 is a use-after-free in the Arm Mali GPU Kernel Driver exploitable by a local non-privileged user via improper GPU memory processing operations; evidence of limited, targeted in-the-wild exploitation has been confirmed by Arm.
  • Exploitation typically requires local access, commonly achieved by tricking users into downloading applications from unofficial repositories.
  • Android Security Bulletin October 2023 tracks this as HIGH severity under the Mali component with Android reference A-294605494; monitor for unpatched Android devices running affected Mali GPU drivers.
  • Related race-condition vulnerabilities CVE-2023-33200 and CVE-2023-34970 affect the same driver family (Bifrost, Valhall, Arm 5th Gen) and may be chained or used alongside CVE-2023-4211 in the same attack surface.
  • Midgard GPU kernel driver versions r12p0 through r32p0 are vulnerable and will NOT receive a patch as Midgard is end-of-life/no longer supported.
  • Bifrost GPU kernel driver versions r0p0 through r42p0 are vulnerable; fixed in r43p0.
  • Valhall GPU kernel driver versions r19p0 through r42p0 are vulnerable; fixed in r43p0.
  • Arm 5th Gen GPU architecture kernel driver versions r41p0 through r42p0 are vulnerable; fixed in r43p0.
  • The fix (r43p0) was released March 24, 2023, but actual device patch availability depends on OEM/vendor supply chain integration timelines.
  • Red Hat Enterprise Linux (all versions 6–9) is not affected as it does not distribute the Arm Mali GPU drivers.

CVSS provenance

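| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| vulncheck | | 5.5 | MEDIUM | |
| cisa | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |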