CVE-2023-34970

Summary

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory

Affected Software

VendorProductVersion RangeStatus
Arm LtdValhall GPU Kernel Driverr44p0 < r44p1affected
Arm LtdArm 5th Gen GPU Architecture Kernel Driverr41p0 < r44p1affected

Weaknesses

  • CWE-416: CWE-416 Use after free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References