Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveArmCVE-2023-33200
HistoryOct 03, 2023 - 5:15 p.m.

CVE-2023-33200

2023-10-0317:15:09
CWE-416
Arm
web.nvd.nist.gov
41
20
cve-2023-33200
local user
race condition
gpu processing
memory access

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

Affected configurations

Nvd
Node
armbifrost_gpu_kernel_driverRanger17p0r44p1
OR
armmali_gpu_kernel_driverRanger41p0r44p1
OR
armvalhall_gpu_kernel_driverRanger19p0r44p1
VendorProductVersionCPE
armbifrost_gpu_kernel_driver*cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
armmali_gpu_kernel_driver*cpe:2.3:a:arm:mali_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bifrost GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r44p1",
            "status": "unaffected"
          }
        ],
        "lessThan": "r44p1",
        "status": "affected",
        "version": "r17p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r44p1",
            "status": "unaffected"
          }
        ],
        "lessThan": "r44p1",
        "status": "affected",
        "version": "r19p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Arm 5th Gen GPU Architecture Kernel  Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r44p1",
            "status": "unaffected"
          }
        ],
        "lessThan": "r44p1",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  }
]

Social References

More

Related

nessus 1
nvd 1
prion 1
cvelist 1
thn 1
nessus
nessus
ARM Mali GPU Kernel Driver < r44p1 Improper Memory Access (CVE-2023-33200)
2023-10-03 00:00:00
nvd
nvd
CVE-2023-33200
2023-10-03 17:15:09
prion
prion
Race condition
2023-10-03 17:15:00
cvelist
cvelist
CVE-2023-33200 Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
2023-10-03 16:39:10
thn
thn
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
2023-10-03 04:58:00

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

29.3%

JSON
Related for CVE-2023-33200
nessus1nvd1prion1cvelist1thn1