#VU74210 Memory leak in ARM products - CVE-2023-26083
Published: March 30, 2023 / Updated: April 4, 2023
Vulnerability identifier: #VU74210
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-26083
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Midgard GPU Kernel Driver
ARM Avalon GPU Kernel Driver
Bifrost GPU Kernel Driver
Valhall GPU Kernel Driver
Midgard GPU Kernel Driver
ARM Avalon GPU Kernel Driver
Bifrost GPU Kernel Driver
Valhall GPU Kernel Driver
Software vendor:
ARM
ARM
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.