Exploitation Summary
CVE-2023-26083 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 7, 2023.
Description
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
References (4)
Core 4
Core References
Vendor Advisory
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Third Party Advisory
https://www.cybersecurity-help.cz/vdb/SB2023033049
Third Party Advisory
https://www.cybersecurity-help.cz/vulnerabilities/74210/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083
Scores
CVSS v3
3.3
EPSS
0.0523
EPSS Percentile
90.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2023-04-07
VulnCheck KEV
2023-03-21
InTheWild.io
2023-01-12
ENISA EUVD
EUVD-2023-29957
CWE
CWE-401
Status
published
Products (4)
arm/5th_gen_gpu_architecture_kernel_driver
r41p0 - r43p0
arm/bifrost_gpu_kernel_driver
r0p0 - r43p0
arm/midgard_gpu_kernel_driver
r6p0 - r32p0
arm/valhall_gpu_kernel_driver
r19p0 - r43p0
Published
Apr 06, 2023
KEV Added
Apr 07, 2023
Tracked Since
Feb 18, 2026