CVE-2023-32804: Fixes in Arm Mali Driver Development Kit
First published: Fri Aug 25 2023(Updated: )
Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm 5th Gen GPU Architecture Kernel Driver | >=r41p0<=r44p0 | |
| Arm Bifrost Gpu Kernel Driver | >=r0p0<=r44p0 | |
| Arm Midgard Gpu Kernel Driver | >=r0p0<=r32p0 | |
| Arm Valhall Gpu Kernel Driver | >=r19p0<=r44p0 | |
| Google Android |
Remedy
This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Userspace Driver r44p1 and r45p0. Users are recommended to upgrade if they are impacted by this issue. Please contact Arm support for Midgard GPUs.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://source.android.com/docs/security/bulletin/2023-12-01/#asterisk
- https://source.android.com/docs/security/bulletin/2023-12-01 (Advisory)
- https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-4369
- CVE-2023-20593
- CVE-2023-4211
- CVE-2023-4128
- CVE-2023-4147
- CVE-2023-3390
- CVE-2022-40982
- CVE-2023-2312
- CVE-2023-4349
- CVE-2023-4350
- CVE-2023-4351
- CVE-2023-4352
- CVE-2023-4353
- CVE-2023-4354
- CVE-2023-4355
- CVE-2023-4356
- CVE-2023-4357
- CVE-2023-4358
- CVE-2023-4359
- CVE-2023-4360
- CVE-2023-4361
- CVE-2023-4362
- CVE-2023-4363
- CVE-2023-4364
- CVE-2023-4365
- CVE-2023-4366
- CVE-2023-4367
- CVE-2023-4368
- CVE-2023-21264
- CVE-2020-29374
Frequently Asked Questions
What is CVE-2023-32804?
CVE-2023-32804 is an Out-of-Bounds Write vulnerability in Arm Ltd GPU Userspace Driver that allows a local non-privileged user to write a constant pattern to a limited amount of memory.
What software is affected by CVE-2023-32804?
CVE-2023-32804 affects Google Android operating system.
What is the severity of CVE-2023-32804?
CVE-2023-32804 has a severity rating of high (7 out of 10).
How can I fix CVE-2023-32804?
To fix CVE-2023-32804, it is recommended to apply the necessary security patches provided by Arm Ltd and Google for the affected software.
Where can I find more information about CVE-2023-32804?
You can find more information about CVE-2023-32804 on the Arm Security Center website and the Android Security Bulletin for December 2023.
- collector/nvd-api
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/softwarecombine
- agent/description
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/chrome-releases
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm 5th gen gpu architecture kernel driver
- version/arm 5th gen gpu architecture kernel driver/r41p0
- version/arm 5th gen gpu architecture kernel driver/r44p0
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r0p0
- version/arm bifrost gpu kernel driver/r44p0
- canonical/arm midgard gpu kernel driver
- version/arm midgard gpu kernel driver/r0p0
- version/arm midgard gpu kernel driver/r32p0
- canonical/arm valhall gpu kernel driver
- version/arm valhall gpu kernel driver/r19p0
- version/arm valhall gpu kernel driver/r44p0
- vendor/google
- canonical/google android