CVE-2023-4272

Summary

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

Affected Software

VendorProductVersion RangeStatus
Arm LtdMidgard GPU Kernel Driverr8p0 <= r32p0affected
Arm LtdBifrost GPU Kernel Driverr0p0 < r42p0affected
Arm LtdValhall GPU Kernel Driverr19p0 < r42p0affected
Arm LtdArm 5th Gen GPU Architecture Kernel Driverr41p0 < r42p0affected

Weaknesses

  • CWE-1251: CWE-1251 Mirrored Regions with Different Values
  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References