CVE-2023-5427

2023-12-0111:15:07

CWE-416

[email protected]

web.nvd.nist.gov

arm ltd

use after free

bifrost gpu

valhall gpu

5th gen gpu architecture

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.

Affected configurations

Nvd

Node

arm5th_gen_gpu_architecture_kernel_driverRanger44p0–r46p0

armbifrost_gpu_kernel_driverRanger44p0–r46p0

armvalhall_gpu_kernel_driverRanger44p0–r46p0

VendorProductVersionCPE
arm5th_gen_gpu_architecture_kernel_driver*cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*
armbifrost_gpu_kernel_driver*cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	5th_gen_gpu_architecture_kernel_driver	*	cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver::::::::
arm	bifrost_gpu_kernel_driver	*	cpe:2.3:a:arm:bifrost_gpu_kernel_driver::::::::
arm	valhall_gpu_kernel_driver	*	cpe:2.3:a:arm:valhall_gpu_kernel_driver::::::::