Memory leak in ARM products - CVE-2023-26083
Published: March 30, 2023 / Updated: April 4, 2023
Vulnerability identifier: #VU74210
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-26083
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: ARM
Affected software:
Midgard GPU Kernel Driver
ARM Avalon GPU Kernel Driver
Bifrost GPU Kernel Driver
Valhall GPU Kernel Driver
Midgard GPU Kernel Driver
ARM Avalon GPU Kernel Driver
Bifrost GPU Kernel Driver
Valhall GPU Kernel Driver
Detailed vulnerability description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
How to mitigate CVE-2023-26083
Install update from vendor's website.