CVE-2023-5427
published 2023-12-01CVE-2023-5427: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows…
PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.33%
25.2th percentile
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r44p0 < r46p0 | r46p0 |
| arm | bifrost_gpu_kernel_driver | >= r44p0 < r46p0 | r46p0 |
| arm | valhall_gpu_kernel_driver | >= r44p0 < r46p0 | r46p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r44p0 – r45p0 | — |
| arm_ltd | bifrost_gpu_kernel_driver | r44p0 – r45p0 | — |
| arm_ltd | valhall_gpu_kernel_driver | r44p0 – r45p0 | — |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-5427: Mali
vendor_android·2024-01-01·CVSS 7.8
CVE-2023-5427 [HIGH] CVE-2023-5427: Mali
Android Security Bulletin 2024-01-01
CVE: CVE-2023-5427
Severity: HIGH
Component: Mali
References: A-308188337
*
GHSA
GHSA-jrr9-w96c-8wpv: A local non-privileged user can make improper GPU processing operations to gain access to already freed memory
ghsa_unreviewed·2023-12-01
CVE-2023-5427 [HIGH] CWE-416 GHSA-jrr9-w96c-8wpv: A local non-privileged user can make improper GPU processing operations to gain access to already freed memory
A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/176029/ARM-Mali-r44p0-Use-After-Free.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttp://packetstormsecurity.com/files/176029/ARM-Mali-r44p0-Use-After-Free.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
2023-12-01
Published