FKIE_CVE-2023-6363

Vulnerability from fkie_nvd - Published: 2024-05-03 14:15 - Updated: 2025-03-27 16:35
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.
References
arm-security@arm.comhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20VulnerabilitiesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20VulnerabilitiesVendor Advisory
Impacted products
Vendor Product Version
arm 5th_gen_gpu_architecture_kernel_driver *
arm valhall_gpu_kernel_driver *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1671B7FC-A8FB-491B-A7E2-822DD2C1C442",
              "versionEndExcluding": "r48p0",
              "versionStartIncluding": "r41p0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1C069D-1CFA-443E-A0C7-EBF97223F770",
              "versionEndExcluding": "r48p0",
              "versionStartIncluding": "r41p0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.\nThis issue affects Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.\n\n"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Use After Free en Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda darle acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Valhall: desde r41p0 hasta r47p0; Controlador de kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r47p0."
    }
  ],
  "id": "CVE-2023-6363",
  "lastModified": "2025-03-27T16:35:54.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-03T14:15:10.730",
  "references": [
    {
      "source": "arm-security@arm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
    }
  ],
  "sourceIdentifier": "arm-security@arm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "arm-security@arm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.