CVE-2023-33200

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the systems memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
ArmCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
armbifrost_gpu_kernel_driver
r17p0 ≤
𝑥
< r44p1
armmali_gpu_kernel_driver
r41p0 ≤
𝑥
< r44p1
armvalhall_gpu_kernel_driver
r19p0 ≤
𝑥
< r44p1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities