Exploitation Summary
CVE-2023-4211 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 3, 2023.
Description
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
References (2)
Core 2
Core References
Vendor Advisory
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211
Scores
CVSS v3
5.5
EPSS
0.0027
EPSS Percentile
50.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-10-03
VulnCheck KEV
2023-09-18
InTheWild.io
2023-09-18
ENISA EUVD
EUVD-2023-54085
CWE
CWE-416
Status
published
Products (4)
arm/5th_gen_gpu_architecture_kernel_driver
r41p0 - r43p0
arm/bifrost_gpu_kernel_driver
r0p0 - r43p0
arm/midgard_gpu_kernel_driver
r12p0 - r32p0
arm/valhall_gpu_kernel_driver
r19p0 - r43p0
Published
Oct 01, 2023
KEV Added
Oct 03, 2023
Tracked Since
Feb 18, 2026