What is CVE-2023-32804?

CVE-2023-32804 is an Out-of-Bounds Write vulnerability in Arm Ltd GPU Userspace Driver that allows a local non-privileged user to write a constant pattern to a limited amount of memory.

What software is affected by CVE-2023-32804?

CVE-2023-32804 affects Google Android operating system.

What is the severity of CVE-2023-32804?

CVE-2023-32804 has a severity rating of high (7 out of 10).

How can I fix CVE-2023-32804?

To fix CVE-2023-32804, it is recommended to apply the necessary security patches provided by Arm Ltd and Google for the affected software.

Where can I find more information about CVE-2023-32804?

You can find more information about CVE-2023-32804 on the Arm Security Center website and the Android Security Bulletin for December 2023.

Vulnerability/
CVE-2023-32804

high

7.8

CWE

787

25/8/2023

4/12/2023

28/8/2024

CVE-2023-32804: Fixes in Arm Mali Driver Development Kit

First published: Fri Aug 25 2023(Updated: )

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.

Credit: arm-security@arm.com

Affected Software	Affected Version	How to fix
Arm 5th Gen GPU Architecture Kernel Driver	>=r41p0<=r44p0
Arm Bifrost Gpu Kernel Driver	>=r0p0<=r44p0
Arm Midgard Gpu Kernel Driver	>=r0p0<=r32p0
Arm Valhall Gpu Kernel Driver	>=r19p0<=r44p0
Google Android

Remedy

This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Userspace Driver r44p1 and r45p0. Users are recommended to upgrade if they are impacted by this issue. Please contact Arm support for Midgard GPUs.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

4978345371388270778

Frequently Asked Questions

What is CVE-2023-32804?
CVE-2023-32804 is an Out-of-Bounds Write vulnerability in Arm Ltd GPU Userspace Driver that allows a local non-privileged user to write a constant pattern to a limited amount of memory.
What software is affected by CVE-2023-32804?
CVE-2023-32804 affects Google Android operating system.
What is the severity of CVE-2023-32804?
CVE-2023-32804 has a severity rating of high (7 out of 10).
How can I fix CVE-2023-32804?
To fix CVE-2023-32804, it is recommended to apply the necessary security patches provided by Arm Ltd and Google for the affected software.
Where can I find more information about CVE-2023-32804?
You can find more information about CVE-2023-32804 on the Arm Security Center website and the Android Security Bulletin for December 2023.

collector/nvd-api
agent/type
agent/remedy
agent/weakness
agent/severity
agent/author
agent/softwarecombine
agent/description
collector/chrome-releases
agent/references
agent/first-publish-date
agent/title
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/android-source
source/Android
agent/software-canonical-lookup
agent/trending
vendor/arm
canonical/arm 5th gen gpu architecture kernel driver
version/arm 5th gen gpu architecture kernel driver/r41p0
version/arm 5th gen gpu architecture kernel driver/r44p0
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r0p0
version/arm bifrost gpu kernel driver/r44p0
canonical/arm midgard gpu kernel driver
version/arm midgard gpu kernel driver/r0p0
version/arm midgard gpu kernel driver/r32p0
canonical/arm valhall gpu kernel driver
version/arm valhall gpu kernel driver/r19p0
version/arm valhall gpu kernel driver/r44p0
vendor/google
canonical/google android