CVE-2023-6143: Mali GPU Kernel Driver allows improper GPU memory processing operations
First published: Mon Mar 04 2024(Updated: )
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver | >=r41p0<r47p0 | |
| Arm Bifrost GPU Kernel Driver | >=r1p0<r19p0 | |
| Arm Midgard | >=r13p0<=r32p0 | |
| Arm Ltd Valhall GPU Kernel Driver | >=r37p0<r47p0 |
Remedy
This issue is fixed in the Bifrost Kernel Driver in r19p0, in the Valhall and Arm 5th Gen GPU Architecture Kernel Drivers in r47p0. Users are recommended to upgrade if they are impacted by this issue. Please contact Arm support for Midgard GPUs.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6143?
CVE-2023-6143 has a high severity rating due to its potential to allow local non-privileged users to exploit a race condition and trigger a use-after-free vulnerability.
How do I fix CVE-2023-6143?
To fix CVE-2023-6143, update your system to the latest version of Android that includes security patches for this vulnerability.
What systems are affected by CVE-2023-6143?
CVE-2023-6143 specifically affects devices running the Google Android operating system with Arm Ltd Midgard, Bifrost, and Valhall GPU kernel drivers.
What kind of attack does CVE-2023-6143 enable?
CVE-2023-6143 enables a local non-privileged user to exploit a software race condition leading to improper memory management.
Is CVE-2023-6143 being actively exploited?
As of now, there are no known active exploits for CVE-2023-6143 reported in the wild, but the vulnerability poses a significant risk.
- agent/weakness
- agent/remedy
- agent/title
- agent/description
- agent/type
- agent/author
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/android
- vendor/arm
- canonical/arm ltd arm 5th gen gpu architecture kernel driver
- version/arm ltd arm 5th gen gpu architecture kernel driver/r41p0
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r1p0
- canonical/arm midgard
- version/arm midgard/r13p0
- version/arm midgard/r32p0
- canonical/arm ltd valhall gpu kernel driver
- version/arm ltd valhall gpu kernel driver/r37p0