Exploitation Summary
CVE-2023-26083 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 7, 2023. EIP tracks 2 public exploits from researchers including Noverisp3.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating how an unprivileged user can leak kernel pointers via the Mali GPU driver's timeline stream due to a missing permission check in the KBASE_IOCTL_TLSTREAM_ACQUIRE handler.
Description
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Exploits (2)
This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating how an unprivileged user can leak kernel pointers via the Mali GPU driver's timeline stream due to a missing permission check in the KBASE_IOCTL_TLSTREAM_ACQUIRE handler.
This repository contains a functional proof-of-concept exploit for CVE-2023-26083, demonstrating an information leak vulnerability in the Arm Mali GPU Kernel Driver. The exploit leverages a missing permission check in the `KBASE_IOCTL_TLSTREAM_ACQUIRE` handler to read kernel pointers from the timeline stream, defeating KASLR.
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N