Out-of-bounds read in ARM products - CVE-2023-22808
Published: April 4, 2023
Vulnerability identifier: #VU74391
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22808
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: ARM
Affected software:
ARM Avalon GPU Kernel Driver
Valhall GPU Kernel Driver
Bifrost GPU Kernel Driver
ARM Avalon GPU Kernel Driver
Valhall GPU Kernel Driver
Bifrost GPU Kernel Driver
Detailed vulnerability description
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
How to mitigate CVE-2023-22808
Install updates from vendor's website.