CVE-2023-4211
Published: 2023-10-01
Priority: P2 · 78 · Medium · CVSS 3.1 base score 5.5
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
KEV · ITW: CISA Known Exploited Vulnerability (remediation due 2023-10-24); exploited in the wild
EPSS: 1.36% (68.3 percentile)

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Affected
8 driver ranges, plus Android and ChromeOS
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r43p0 | r43p0 |
| arm | bifrost_gpu_kernel_driver | >= r0p0 < r43p0 | r43p0 |
| arm | midgard_gpu_kernel_driver | r12p0 – r32p0 | none (end of life, no patch planned) |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r43p0 | r43p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r42p0 | r43p0 |
| arm_ltd | bifrost_gpu_kernel_driver | r0p0 – r42p0 | r43p0 |
| arm_ltd | midgard_gpu_kernel_driver | r12p0 – r32p0 | none (end of life, no patch planned) |
| arm_ltd | valhall_gpu_kernel_driver | r19p0 – r42p0 | r43p0 |
| android | Android (Mali component, A-294605494) | Security Patch Level before 2023-10-05 | SPL 2023-10-05 |
| chrome | ChromeOS (Long Term Support channel) | — | LTS channel update (2023-08-23) |
Detection & IOCs (extracted from sources)
- CVE-2023-4211 is a use-after-free in the Arm Mali GPU kernel driver, exploitable by a local non-privileged user via improper GPU memory processing operations; Arm has confirmed evidence of limited, targeted in-the-wild exploitation.
- Exploitation requires local code execution on the device, commonly obtained by tricking users into installing applications from unofficial repositories.
- The Android Security Bulletin of October 2023 tracks this as HIGH severity under the Mali component with Android reference A-294605494; treat Android devices with a security patch level before 2023-10-05 and an affected Mali driver as unpatched.
- The related race-condition vulnerabilities CVE-2023-33200 and CVE-2023-34970 affect the same driver families (Bifrost, Valhall, Arm 5th Gen) and may be used alongside CVE-2023-4211 against the same attack surface.
- Midgard GPU kernel driver r12p0 through r32p0 is vulnerable and will not receive a patch: Midgard is end of life and no longer supported.
- Bifrost GPU kernel driver r0p0 through r42p0 is vulnerable; fixed in r43p0.
- Valhall GPU kernel driver r19p0 through r42p0 is vulnerable; fixed in r43p0.
- Arm 5th Gen GPU architecture kernel driver r41p0 through r42p0 is vulnerable; fixed in r43p0.
- The fixed driver release (r43p0) was published on March 24, 2023, but when a given device receives it depends on the OEM and SoC vendor integrating it into their kernel builds.
- Red Hat Enterprise Linux 6 through 9 is not affected; Red Hat does not ship the Arm Mali GPU drivers.
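As an added check, not code from Arm, Google, CISA or any other source on this page: the script below applies the driver version ranges and the Android security patch level listed above to driver release strings and SPL strings. The driver family is given as an input (mapping a GPU model to Midgard, Bifrost, Valhall or 5th Gen is left to the reader), the rNNpM release format is the one used in the ranges above, and the sample strings are constructed; where a given device exposes its driver release (kernel log, sysfs, dumpsys) is device specific and is assumed rather than asserted here.

```python
"""Check a Mali GPU kernel driver release and an Android security patch level
against the CVE-2023-4211 ranges listed on this page.

Added example, not tooling from Arm, Google or any source cited here.
"""
import re
from datetime import date

# Per driver family, as listed on this page:
# (first vulnerable release, last vulnerable release, first fixed release).
# Midgard is end of life and has no fixed release.
VULNERABLE_RANGES = {
    "midgard": ((12, 0), (32, 0), None),
    "bifrost": ((0, 0), (42, 0), (43, 0)),
    "valhall": ((19, 0), (42, 0), (43, 0)),
    "5th_gen": ((41, 0), (42, 0), (43, 0)),
}

# First Android Security Patch Level carrying the fix (Android bulletin 2023-10).
FIXED_ANDROID_SPL = date(2023, 10, 5)

# Arm driver releases are written rNNpM (e.g. "r42p0"); any build suffix that
# follows the point release is ignored.
_RELEASE_RE = re.compile(r"\br(\d+)p(\d+)\b")


def parse_release(text):
    """Return (major, point) for the first rNNpM token found in text."""
    match = _RELEASE_RE.search(text)
    if match is None:
        raise ValueError(f"no rNNpM driver release found in {text!r}")
    return int(match.group(1)), int(match.group(2))


def assess_driver(family, version_text):
    """Classify a driver release for the given family.

    "fixed"             at or above the first fixed release
    "vulnerable"        below the first fixed release and inside the range
    "vulnerable_no_fix" inside the Midgard range, for which no fix will ship
    "outside_range"     not covered by the page's ranges; verify manually
    """
    if family not in VULNERABLE_RANGES:
        raise ValueError(f"unknown driver family {family!r}")
    first_vuln, last_vuln, first_fixed = VULNERABLE_RANGES[family]
    release = parse_release(version_text)
    if first_fixed is None:
        return "vulnerable_no_fix" if first_vuln <= release <= last_vuln else "outside_range"
    if release >= first_fixed:
        return "fixed"
    return "vulnerable" if release >= first_vuln else "outside_range"


def android_spl_patched(spl_text):
    """True if an Android SPL string (YYYY-MM-DD) is at or after the fixed SPL."""
    return date.fromisoformat(spl_text) >= FIXED_ANDROID_SPL


def assess_device(family, version_text, android_spl=None):
    """Combine the driver check with the Android SPL check.

    On Android the declared SPL is authoritative: a device declaring an SPL
    must carry every fix in that bulletin, even if the OEM backported the fix
    without bumping the driver release. Off Android (embedded Linux,
    ChromeOS), only the driver release is available, so pass android_spl=None.
    """
    status = assess_driver(family, version_text)
    spl_ok = android_spl is not None and android_spl_patched(android_spl)
    if spl_ok or status == "fixed":
        action = "patched"
    elif status == "vulnerable_no_fix":
        action = "no vendor fix: discontinue use or isolate (CISA KEV required action)"
    elif status == "vulnerable":
        action = "apply vendor update (driver r43p0+ or Android SPL 2023-10-05+)"
    else:
        action = "outside documented ranges: verify manually"
    return {"driver": status, "android_spl_patched": spl_ok, "action": action}


if __name__ == "__main__":
    # Constructed samples, not captured from real devices.
    samples = [
        ("valhall", "Mali-G78 OpenGL ES 3.2 v1.r42p0-01eac0", "2023-09-05"),
        ("valhall", "Mali-G78 OpenGL ES 3.2 v1.r42p0-01eac0", "2023-10-05"),
        ("midgard", "mali_kbase r32p0-01rel0", None),
        ("bifrost", "r43p0", None),
    ]
    for family, text, spl in samples:
        print(family, parse_release(text), spl, assess_device(family, text, spl))
```

The Midgard branch is the one worth reading twice: a device in the r12p0 to r32p0 range has no upgrade path, so the only outcome the CISA required action allows is to discontinue or isolate it, and the script reports exactly that rather than a version to upgrade to.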
CVSS provenance
- nvd (v3.1): 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- vulncheck: 5.5 MEDIUM
- cisa: 5.5 MEDIUM
- vendor_redhat: 5.5 MEDIUM
CISA
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
cisa · 2023-10-03 · CVSS 5.5 (MEDIUM) · CWE-416
Affected: Arm Mali GPU Kernel Driver
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-4211
Remediation Due Date: 2023-10-24
Android
CVE-2023-4211: Mali
vendor_android · 2023-10-01 · CVSS 5.5 (MEDIUM)
Android Security Bulletin 2023-10-01
CVE: CVE-2023-4211
Severity: HIGH
Component: Mali
References: A-294605494
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-4211
vendor_chrome · 2023-08-23 · CVSS 5.5 (MEDIUM)
Red Hat
kernel: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
vendor_redhat · 2023-08-15 · CVSS 5.5 (MEDIUM) · CWE-416
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Statement: Red Hat products are not directly affected by this vulnerability since we don't distribute the affected ARM MALI GPU drivers
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
Package: kernel (Red Hat Enterprise Linux 9) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 9) - Not affected
GHSA
GHSA-7537-p54v-mh3v: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory
ghsa_unreviewed · 2023-10-01 · MEDIUM · CWE-416
VulnCheck
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
vulncheck · 2023 · CVSS 5.5 (MEDIUM) · CWE-416
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Affected: Arm Mali GPU Kernel Driver
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/pixel/2023-09-01; https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/
Project Zero
Project Zero RCA: CVE-2023-4211: Use-after-Free in ARM Mali GPU Driver
project_zero · CVSS 5.5 (MEDIUM)
# CVE-2023-4211: Use-after-Free in ARM Mali GPU Driver
*Maddie Stone & Jann Horn*
## The Basics
**Disclosure or Patch Date:** October 2, 2023
**Product:** ARM Mali GPU Driver
**Advisory:**
* Android: https://source.android.com/docs/security/bulletin/2023-10-01
* ARM: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
**Affected Versions:**
Android: Pre-Security Patch Level October 2023
ARM:
* Midgard GPU Kernel Driver: All versions from r12p0 - r32p0
* Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0
* Valhall GPU Kernel Driver: All versions from r19p0 - r42p0
* Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 - r42p0
**First Patched Version:**
* Android SPL 2023-10-05
* ARM Mali GPU driver r43
**Issue/Bug Report:**
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
blogs_bleepingcomputer · 2023-10-03 · CVE-2022-22071 · CVSS 8.4 (HIGH)
## Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Bill Toulas
The CVE-2022-22071 flaw was disclosed in May 2022 and is a high-severity (CVSS v3.1: 8.4) locally exploitable use after free bug impacting popular chips like the SD855, SD865 5G, and SD888 5G
Qualcomm has not released any details on the actively exploited CVE-2023-33106, CVE-2022-22071, and CVE-2023-33063 flaws and will provide more information in its December 2023 bulletin.
This month's security bulletin also warns of three other critical vulnerabilities:
CVE-2023-24855 : Memory corruption in Qualcomm’s Modem component occurring when processing security-related configurations before the AS Security Exchange. (CVSS v3.1: 9.8)
CVE-2023-28540 : Cryptographic issue in the Data Modem component arising fro
Bleepingcomputer
Arm warns of Mali GPU flaws likely exploited in targeted attacks
blogs_bleepingcomputer · 2023-10-02 · CVSS 4.7 (MEDIUM)
## Arm warns of Mali GPU flaws likely exploited in targeted attacks
Bill Toulas
“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm explains in the advisory.
The company adds that it has found evidence that the vulnerability “may be under limited, targeted exploitation.”
The following driver versions are impacted by the vulnerability:
Midgard GPU kernel driver: All versions from r12p0 to r32p0
Bifrost GPU kernel driver: All versions from r0p0 to r42p0
Valhall GPU kernel driver: All versions from r19p0 to r42p0
Arm 5th Gen GPU architecture kernel driver: All versions from r41p0 to r42p0
Midgard, Bifrost, and Valhall series were introduced in 2013, 2016, and 2019, respectively, so they concern older device
Timeline
- 2023-10-01: Published
- 2023-10-03: Added to CISA KEV
- Exploited in the wild