CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
96.4%
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/
bugzilla.redhat.com/show_bug.cgi?id=2241988
chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html
chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html
developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
nvd.nist.gov/vuln/detail/CVE-2023-4211
source.android.com/docs/security/bulletin/pixel/2023-09-01
www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cve.org/CVERecord?id=CVE-2023-4211