cbcvebase.
CVE-2023-4272
published 2023-11-07

CVE-2023-4272: A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

PriorityP424medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.34%
25.8th percentile
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

Affected

9 ranges
VendorProductVersion rangeFixed in
armbifrost_gpu_kernel_driverr0p0 – r41p0
armmali_gpu_kernel_driver
armmidgard_gpu_kernel_driverr8p0 – r32p0
armvalhall_gpu_kernel_driverr19p0 – r41p0
arm_ltdarm_5th_gen_gpu_architecture_kernel_driver>= r41p0 < r42p0r42p0
arm_ltdbifrost_gpu_kernel_driver>= r0p0 < r42p0r42p0
arm_ltdmidgard_gpu_kernel_driverr8p0 – r32p0
arm_ltdvalhall_gpu_kernel_driver>= r19p0 < r42p0r42p0
googleandroid
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.