CVE-2023-5643: Mali GPU Kernel Driver allows improper GPU memory processing operations
First published: Mon Feb 05 2024(Updated: )
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver | >=r41p0<r46p0 | |
| Arm Bifrost GPU Kernel Driver | >=r41p0<r46p0 | |
| Arm Ltd Valhall GPU Kernel Driver | >=r41p0<r46p0 | |
| Android |
Remedy
This issue is fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r46p0. Users are recommended to upgrade if they are impacted by this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5643?
CVE-2023-5643 is a high-severity vulnerability that allows an attacker to exploit out-of-bounds write conditions.
How do I fix CVE-2023-5643?
To fix CVE-2023-5643, update the affected graphics drivers to the latest version that addresses this vulnerability.
What software is affected by CVE-2023-5643?
CVE-2023-5643 affects the Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, and Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver running Android versions 41p0 to 46p0.
Who can exploit CVE-2023-5643?
CVE-2023-5643 can be exploited by local non-privileged users who can perform improper GPU memory operations.
What are the consequences of CVE-2023-5643?
Exploitation of CVE-2023-5643 may lead to system instability or unauthorized access to memory, resulting in compromised system security.
- agent/remedy
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/author
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/android-source
- source/Android
- vendor/arm
- canonical/arm ltd arm 5th gen gpu architecture kernel driver
- version/arm ltd arm 5th gen gpu architecture kernel driver/r41p0
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r41p0
- canonical/arm ltd valhall gpu kernel driver
- version/arm ltd valhall gpu kernel driver/r41p0
- vendor/google
- canonical/android