CVE-2023-4211: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
First published: Fri Aug 25 2023(Updated: )
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Credit: arm-security@arm.com arm-security@arm.com arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm 5th Gen GPU Architecture Kernel Driver | >=r41p0<=r42p0 | |
| Arm Bifrost | >=r0p0<=r42p0 | |
| Arm Midgard | >=r12p0<=r32p0 | |
| Arm Valhall | >=r19p0<=r42p0 | |
| Google Android | ||
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html (Advisory)
- https://source.android.com/docs/security/bulletin/2023-10-01/#asterisk
- https://source.android.com/docs/security/bulletin/2023-10-01 (Advisory)
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;
- https://nvd.nist.gov/vuln/detail/CVE-2023-4211
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40088
- CVE-2023-40077
- CVE-2023-40076
- CVE-2023-45866
- CVE-2022-40507
- CVE-2023-4863
- CVE-2023-35674
- CVE-2023-4369
- CVE-2023-20593
- CVE-2023-4128
- CVE-2023-4147
- CVE-2023-3390
- CVE-2023-32804
- CVE-2022-40982
- CVE-2023-2312
- CVE-2023-4349
- CVE-2023-4350
- CVE-2023-4351
- CVE-2023-4352
- CVE-2023-4353
- CVE-2023-4354
- CVE-2023-4355
- CVE-2023-4356
- CVE-2023-4357
- CVE-2023-4358
- CVE-2023-4359
- CVE-2023-4360
- CVE-2023-4361
- CVE-2023-4362
- CVE-2023-4363
- CVE-2023-4364
- CVE-2023-4365
- CVE-2023-4366
- CVE-2023-4367
- CVE-2023-4368
- CVE-2023-21264
- CVE-2020-29374
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-4211.
What is the title of this vulnerability?
The title of this vulnerability is Arm Mali GPU Kernel Driver Use-After-Free Vulnerability.
What is the description of this vulnerability?
This vulnerability allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Who is affected by this vulnerability?
Arm Mali GPU Kernel Driver is affected by this vulnerability.
Are there any patches available for this vulnerability?
Patches may not be available for this vulnerability, but it is recommended to check the references for updates and patches.
- zeroday/true
- agent/author
- agent/type
- agent/severity
- agent/remedy
- agent/title
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/mitre-cve
- source/MITRE
- collector/chrome-releases
- agent/first-publish-date
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/arm
- canonical/arm 5th gen gpu architecture kernel driver
- version/arm 5th gen gpu architecture kernel driver/r41p0
- version/arm 5th gen gpu architecture kernel driver/r42p0
- canonical/arm bifrost
- version/arm bifrost/r0p0
- version/arm bifrost/r42p0
- canonical/arm midgard
- version/arm midgard/r12p0
- version/arm midgard/r32p0
- canonical/arm valhall
- version/arm valhall/r19p0
- version/arm valhall/r42p0
- vendor/google
- canonical/google android
- canonical/arm mali gpu kernel driver