CVE-2023-5091 — Use After Free in LTD Valhall GPU Kernel Driver

CWE-416 — Use After Free5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM LTD Valhall GPU Kernel Driver ARM Valhall GPU Kernel Driver Google Android

Timeline

PublishedJan 8

Latest updateFeb 1

Description

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDarm/valhall_gpu_kernel_driverr37p0 — r40p0

▶CVEListV5arm_ltd/valhall_gpu_kernel_driverr37p0 — r40p0

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-66qh-r598-w33q: Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gai↗2024-01-08

▶

📋Vendor Advisories

Android

CVE-2023-5091: Mali↗2024-02-01

▶

💬Community

Bugzilla

CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()↗2023-07-06

▶

Bugzilla

CVE-2023-21102 kernel: bypass of shadow stack protection due to a logic error↗2023-06-08

▶