CVE-2023-5249 — Use After Free in LTD Bifrost GPU Kernel Driver

CWE-416 — Use After Free3 documents3 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 67.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM LTD Bifrost GPU Kernel Driver ARM LTD Valhall GPU Kernel Driver ARM Bifrost GPU Kernel Driver +2 more

Timeline

PublishedFeb 5

Description

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages5 packages

▶NVDarm/bifrost_gpu_kernel_driverr35p0 — r40p0

▶NVDarm/valhall_gpu_kernel_driverr35p0 — r40p0

▶CVEListV5arm_ltd/bifrost_gpu_kernel_driverr35p0 — r40p0

▶CVEListV5arm_ltd/valhall_gpu_kernel_driverr35p0 — r40p0

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-839x-p2jc-q87x: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improp↗2024-02-05

▶

📋Vendor Advisories

Android

CVE-2023-5249: Mali↗2024-02-01

▶