Information disclosure in ARM Mali GPU kernel drivers



| Updated: 2023-04-04
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-26083
CWE-ID CWE-401
Exploitation vector Local
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Midgard GPU Kernel Driver
Hardware solutions / Drivers

ARM Avalon GPU Kernel Driver
Hardware solutions / Drivers

Bifrost GPU Kernel Driver
Hardware solutions / Drivers

Valhall GPU Kernel Driver
Hardware solutions / Drivers

Vendor ARM

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Memory leak

EUVDB-ID: #VU74210

Risk: High

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-26083

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Midgard GPU Kernel Driver: All versions

ARM Avalon GPU Kernel Driver: r41p0 - r42p0

Bifrost GPU Kernel Driver: before r43p0

Valhall GPU Kernel Driver: before r43p0

CPE2.3 External links

http://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
http://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2023-26083


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###