CVE-2023-26083: Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
First published: Thu Apr 06 2023(Updated: )
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Mali Graphics Processing Unit (GPU) | ||
| Android | ||
| Arm Avalon Gpu Kernel Driver | >=r41p0<r43p0 | |
| Arm Bifrost GPU Kernel Driver | >=r0p0<r43p0 | |
| Arm Midgard GPU Kernel Driver | >=r6p0<=r32p0 | |
| Arm Ltd Valhall GPU Kernel Driver | >=r19p0<r43p0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://www.cybersecurity-help.cz/vdb/SB2023033049
- https://www.cybersecurity-help.cz/vulnerabilities/74210/
- https://source.android.com/docs/security/bulletin/2023-07-01/#asterisk
- https://source.android.com/docs/security/bulletin/2023-07-01 (Advisory)
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;
- https://nvd.nist.gov/vuln/detail/CVE-2023-26083
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-26083.
What is the title of the vulnerability?
The title of the vulnerability is Arm Mali GPU Kernel Driver Information Disclosure Vulnerability.
What is the severity of the vulnerability?
The severity of the vulnerability is medium (CVSS severity score of 4).
What software products are affected by the vulnerability?
The Arm Mali Graphics Processing Unit (GPU) and Google Android are affected by the vulnerability.
How can a non-privileged user exploit this vulnerability?
A non-privileged user can make valid GPU processing operations that expose sensitive kernel metadata.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [link1](https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities) and [link2](https://source.android.com/docs/security/bulletin/2023-07-01/#asterisk).
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/weakness
- agent/severity
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/source
- agent/last-modified-date
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- collector/nvd-index
- vendor/arm
- canonical/arm mali graphics processing unit (gpu)
- vendor/google
- canonical/android
- canonical/arm avalon gpu kernel driver
- version/arm avalon gpu kernel driver/r41p0
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r0p0
- canonical/arm midgard gpu kernel driver
- version/arm midgard gpu kernel driver/r6p0
- version/arm midgard gpu kernel driver/r32p0
- canonical/arm ltd valhall gpu kernel driver
- version/arm ltd valhall gpu kernel driver/r19p0