Lucene search

[email protected]NVD:CVE-2023-4295

HistoryNov 07, 2023 - 4:15 p.m.

CVE-2023-4295

2023-11-0716:15:29

CWE-416

CWE-190

[email protected]

web.nvd.nist.gov

local user

improper operations

gpu memory

access

freed memory

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Affected configurations

Nvd

Node

armmali_gpu_kernel_driverRanger41p0–r43p0

armvalhall_gpu_kernel_driverRanger29p0–r42p0

VendorProductVersionCPE
armmali_gpu_kernel_driver*cpe:2.3:a:arm:mali_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	mali_gpu_kernel_driver	*	cpe:2.3:a:arm:mali_gpu_kernel_driver::::::::
arm	valhall_gpu_kernel_driver	*	cpe:2.3:a:arm:valhall_gpu_kernel_driver::::::::

References

packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Related for NVD:CVE-2023-4295

cvelist1 cve1 prion1