Vulnerability identifier: #VU74210
Vulnerability risk: High
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Midgard GPU Kernel Driver
Hardware solutions /
Drivers
ARM Avalon GPU Kernel Driver
Hardware solutions /
Drivers
Bifrost GPU Kernel Driver
Hardware solutions /
Drivers
Valhall GPU Kernel Driver
Hardware solutions /
Drivers
Vendor: ARM
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Midgard GPU Kernel Driver: All versions
ARM Avalon GPU Kernel Driver: r41p0 - r42p0
CPE
External links
http://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
http://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2023-26083
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?