Bug 2241988 (CVE-2023-4211) - CVE-2023-4211 kernel: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Summary: CVE-2023-4211 kernel: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-4211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2241986
TreeView+ depends on / blocked
 
Reported: 2023-10-03 18:30 UTC by Patrick Del Bello
Modified: 2023-10-30 13:58 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-10-04 17:34:57 UTC
Embargoed:

Attachments (Terms of Use)

Description Patrick Del Bello 2023-10-03 18:30:21 UTC 
A local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory.



https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html
https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html
https://source.android.com/docs/security/bulletin/pixel/2023-09-01
https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/
Note You need to log in before you can comment on or make changes to this bug.