First published: Mon Oct 02 2023(Updated: )
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory
Credit: arm-security@arm.com arm-security@arm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arm Mali GPU Kernel Driver | =r44p0 | |
Arm Valhall Gpu Kernel Driver | =r44p0 | |
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-34970.
The severity of CVE-2023-34970 is high, with a CVSS score of 4.7.
A local non-privileged user can exploit CVE-2023-34970 by making improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition.
The Arm Mali GPU Kernel Driver, Arm Valhall Gpu Kernel Driver, and Google Android are affected by CVE-2023-34970.
To fix CVE-2023-34970, it is recommended to apply the latest security patches provided by the software vendors and follow the recommendations in the security bulletins.