github - ghsa-7537-p54v-mh3v

ghsa-7537-p54v-mh3v

Vulnerability from github

Published

2023-10-01 18:31

Modified

2024-04-04 07:59

Severity

5.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-01T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory.\n\n",
  "id": "GHSA-7537-p54v-mh3v",
  "modified": "2024-04-04T07:59:35Z",
  "published": "2023-10-01T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4211"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/pixel/2023-09-01"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-4211

Vulnerability from cvelistv5

Published

2023-10-01 17:00

Modified

2024-08-02 07:17

Severity

Summary

Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations

References

URL	Tags
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Impacted products

Vendor	Product
Arm Ltd	Midgard GPU Kernel Driver
Arm Ltd	Bifrost GPU Kernel Driver
Arm Ltd	Valhall GPU Kernel Driver
Arm Ltd	Arm 5th Gen GPU Architecture Kernel Driver

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:12.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Midgard GPU Kernel Driver",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "lessThanOrEqual": "r32p0",
              "status": "affected",
              "version": "r12p0",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Bifrost GPU Kernel Driver",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "lessThanOrEqual": "r42p0",
              "status": "affected",
              "version": "r0p0",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Valhall GPU Kernel Driver",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "lessThanOrEqual": "r42p0",
              "status": "affected",
              "version": "r19p0",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Arm 5th Gen GPU Architecture Kernel  Driver",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "lessThanOrEqual": "r42p0",
              "status": "affected",
              "version": "r41p0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Maddie Stone, Google Threat Analysis Group "
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jann Horn, Google Project Zero"
        }
      ],
      "datePublic": "2023-10-01T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory.\u003c/p\u003e"
            }
          ],
          "value": "A local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use after free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-04T16:35:12.961Z",
        "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
        "shortName": "Arm"
      },
      "references": [
        {
          "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "arm-security@arm.com",
          "ID": "CVE-2023-4211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mali GPU Kernel Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Midgard GPU Kernel  Driver"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Arm Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "5.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
              "refsource": "MISC",
              "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
    "assignerShortName": "Arm",
    "cveId": "CVE-2023-4211",
    "datePublished": "2023-10-01T17:00:27.113Z",
    "dateReserved": "2023-08-07T15:24:51.156Z",
    "dateUpdated": "2024-08-02T07:17:12.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.