Main Vulnerability Database Vulnerabilities #VU79503

#VU79503 Use-after-free in Chrome OS - CVE-2023-4211

Published: August 15, 2023 / Updated: October 2, 2023

Vulnerability identifier: #VU79503

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2023-4211

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Chrome OS

Software vendor:
Google

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within Mali GPU Kernel Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_14.html
https://source.android.com/docs/security/bulletin/pixel/2023-09-01
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities