CVE-2023-26083

LOW KEV

Mali GPU Kernel Driver <r32p0 - Memory Leak

Title source: llm

Description

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

References (4)

[Vendor Advisory] https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

[Third Party Advisory] https://www.cybersecurity-help.cz/vdb/SB2023033049

[Third Party Advisory] https://www.cybersecurity-help.cz/vulnerabilities/74210/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26083

Scores

CVSS v3 3.3

EPSS 0.0715

EPSS Percentile 91.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitation Intel

CISA KEV 2023-04-07

VulnCheck KEV 2023-03-21

InTheWild.io 2023-01-12

ENISA EUVD EUVD-2023-29957

Classification

CWE

CWE-401

Status published

Affected Products (4)

arm/5th_gen_gpu_architecture_kernel_driver < r43p0

arm/bifrost_gpu_kernel_driver < r43p0

arm/midgard_gpu_kernel_driver < r32p0

arm/valhall_gpu_kernel_driver < r43p0

Timeline

Published Apr 06, 2023

KEV Added Apr 07, 2023

Tracked Since Feb 18, 2026