3.3 CVE-2023-26083
CISA Kev Catalog
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
https://nvd.nist.gov/vuln/detail/CVE-2023-26083
Categories
CWE-401 : Missing Release of Memory after Effective Lifetime
This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
References
cve@mitre.org
| https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulne... Vendor Advisory |
| https://www.cybersecurity-help.cz/vdb/SB2023033049 Third Party Advisory |
| https://www.cybersecurity-help.cz/vulnerabilities/74210/ Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:arm:avalon_gpu_kernel_driver:*:*:*:*:*:*:*:* | >= r41p0 | < r43p0 |
| cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:* | >= r0p0 | < r43p0 |
| cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:* | >= r6p0 | <= r32p0 |
| cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:* | >= r19p0 | < r43p0 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
