CVE-2023-4211 - OpenCVE

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arm	5th Gen Gpu Architecture Kernel Driver Bifrost Midgard Valhall

Configuration 1 [-]

OR	cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver::::::::
	cpe:2.3:a:arm:bifrost::::::::
	cpe:2.3:a:arm:midgard::::::::
	cpe:2.3:a:arm:valhall::::::::

No data.

References

Link	Providers
https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/
https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2023-4211
https://source.android.com/docs/security/bulletin/pixel/2023-09-01
https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2023-4211

History

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: Arm

Published: 2023-10-01T17:00:27.113Z

Updated: 2024-08-02T07:17:12.155Z

Reserved: 2023-08-07T15:24:51.156Z

Link: CVE-2023-4211

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-10-01T18:15:09.927

Modified: 2023-10-04T20:51:36.240

Link: CVE-2023-4211

Redhat

Severity : Important

Publid Date: 2023-08-15T00:00:00Z

Links: CVE-2023-4211 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4211", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2023-08-07T15:24:51.156Z", "datePublished": "2023-10-01T17:00:27.113Z", "dateUpdated": "2024-08-02T07:17:12.155Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Midgard GPU Kernel Driver", "vendor": "Arm Ltd", "versions": [{"lessThanOrEqual": "r32p0", "status": "affected", "version": "r12p0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Bifrost GPU Kernel Driver", "vendor": "Arm Ltd", "versions": [{"lessThanOrEqual": "r42p0", "status": "affected", "version": "r0p0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Valhall GPU Kernel Driver", "vendor": "Arm Ltd", "versions": [{"lessThanOrEqual": "r42p0", "status": "affected", "version": "r19p0", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Arm 5th Gen GPU Architecture Kernel Driver", "vendor": "Arm Ltd", "versions": [{"lessThanOrEqual": "r42p0", "status": "affected", "version": "r41p0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Maddie Stone, Google Threat Analysis Group "}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jann Horn, Google Project Zero"}], "datePublic": "2023-10-01T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.</p>"}], "value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use after free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2023-10-04T16:35:12.961Z"}, "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"}], "source": {"discovery": "EXTERNAL"}, "title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "arm-security@arm.com", "ID": "CVE-2023-4211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mali GPU Kernel Driver", "version": {"version_data": [{"version_value": "Midgard GPU Kernel Driver"}]}}]}, "vendor_name": "Arm Ltd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "5.0", "description": {"description_data": [{"lang": "eng", "value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations"}]}]}, "references": {"reference_data": [{"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "refsource": "MISC", "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:12.155Z"}, "title": "CVE Program Container", "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2023-10-24", "cisaExploitAdd": "2023-10-03", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D525477-F5C3-459A-B5D6-3B1C75B0069B", "versionEndIncluding": "r42p0", "versionStartIncluding": "r41p0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF8078F2-C783-47EC-9C28-6DA97ECEFEEA", "versionEndIncluding": "r42p0", "versionStartIncluding": "r0p0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*", "matchCriteriaId": "888E7E35-B0F4-453F-8B51-B2929E504C25", "versionEndIncluding": "r32p0", "versionStartIncluding": "r12p0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4071968-E656-4D71-AF92-EA3C551C5FF4", "versionEndIncluding": "r42p0", "versionStartIncluding": "r19p0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"}, {"lang": "es", "value": "Un usuario local sin privilegios puede realizar operaciones inadecuadas de procesamiento de la memoria de la GPU para obtener acceso a la memoria ya liberada."}], "id": "CVE-2023-4211", "lastModified": "2023-10-04T20:51:36.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-01T18:15:09.927", "references": [{"source": "arm-security@arm.com", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"}], "sourceIdentifier": "arm-security@arm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "arm-security@arm.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "id": "2241988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241988"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory."], "name": "CVE-2023-4211", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4211\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4211\nhttps://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/\nhttps://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html\nhttps://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html\nhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities\nhttps://source.android.com/docs/security/bulletin/pixel/2023-09-01\nhttps://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Red Hat products are not directly affected by this vulnerability since we don't distributed the affected ARM MALI GPU drivers", "threat_severity": "Important"}