CVE-2023-26083

LOW KEV

Mali GPU Kernel Driver <r32p0 - Memory Leak

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-26083 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 7, 2023. EIP tracks 2 public exploits from researchers including Noverisp3.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating how an unprivileged user can leak kernel pointers via the Mali GPU driver's timeline stream due to a missing permission check in the KBASE_IOCTL_TLSTREAM_ACQUIRE handler.

Description

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Exploits (2)

nomisec WORKING POC
by Noverisp3 · poc
https://github.com/Noverisp3/CVE-2023-26083

This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating how an unprivileged user can leak kernel pointers via the Mali GPU driver's timeline stream due to a missing permission check in the KBASE_IOCTL_TLSTREAM_ACQUIRE handler.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Arm Mali GPU Kernel Driver (versions prior to the fix for CVE-2023-26083)
No auth needed
Prerequisites: Device with Mali GPU · Access to /dev/mali0 · Unprivileged user access
mistral-large-3 · analyzed Jun 02, 2026 Full analysis →
nomisec WORKING POC
by Noverisp3 · infoleak
https://github.com/Noverisp3/CVE-2023-26083-Mali-InfoLeak-PoC

This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating an information leak vulnerability in the Arm Mali GPU Kernel Driver. The exploit leverages a missing permission check in the `KBASE_IOCTL_TLSTREAM_ACQUIRE` handler to read kernel pointers from the timeline stream, defeating KASLR.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Arm Mali GPU Kernel Driver (versions prior to the fix for CVE-2023-26083)
No auth needed
Prerequisites: Device with Mali GPU · Access to /dev/mali0 · Unprivileged user access
mistral-large-3 · analyzed May 28, 2026 Full analysis →

Scores

CVSS v3 3.3
EPSS 0.0143
EPSS Percentile 69.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2023-04-07
VulnCheck KEV 2023-03-21
InTheWild.io 2023-01-12
ENISA EUVD EUVD-2023-29957
CWE
CWE-401
Status published
Products (4)
arm/5th_gen_gpu_architecture_kernel_driver r41p0 - r43p0
arm/bifrost_gpu_kernel_driver r0p0 - r43p0
arm/midgard_gpu_kernel_driver r6p0 - r32p0
arm/valhall_gpu_kernel_driver r19p0 - r43p0
Published Apr 06, 2023
KEV Added Apr 07, 2023
Tracked Since Feb 18, 2026