CVE-2023-6241

HIGH

Arm Ltd GPU Kernel - Use After Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-6241. PoCs published by SmileTabLabo, ilGobbo00.

AI-analyzed exploit summary This is a functional exploit for CVE-2023-6241, targeting the Arm Mali kernel driver to achieve arbitrary kernel code execution, disable SELinux, and gain root privileges on a Google Pixel 8 device. The exploit leverages a memory corruption vulnerability in the Mali GPU driver's JIT memory management.

Description

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.

Exploits (3)

nomisec WORKING POC 14 stars
by SmileTabLabo · poc
https://github.com/SmileTabLabo/CVE-2023-6241

This is a functional exploit for CVE-2023-6241, targeting the Arm Mali kernel driver to achieve arbitrary kernel code execution, disable SELinux, and gain root privileges on a Google Pixel 8 device. The exploit leverages a memory corruption vulnerability in the Mali GPU driver's JIT memory management.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Arm Mali GPU Kernel Driver (Google Pixel 8, November 2023 patch level)
No auth needed
Prerequisites: Google Pixel 8 with November 2023 patch (UD1A.231105.004) · Access to /dev/mali0 · libGLES_mali.so from the device · OpenCL headers for compilation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by ilGobbo00 · poc
https://github.com/ilGobbo00/CVE-2023-6241-Pixel7_Adaptation

This repository adapts an exploit for CVE-2023-6241 (a Mali GPU kernel vulnerability) from Pixel 8 to Pixel 7, leveraging memory corruption for local privilege escalation (LPE). It includes detailed steps for kernel symbol extraction, offset calculation, and exploit compilation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Google Pixel 7 (Android kernel with Mali GPU driver, pre-Feb 2024 patches)
No auth needed
Prerequisites: Physical access or ADB access to the device · Device flashed to a vulnerable firmware version (Nov 2023 - Feb 2024) · Kernel symbols extracted from the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/s1204it/cve-2023-6241

This repository contains a functional exploit for CVE-2023-6241, targeting a vulnerability in the Arm Mali kernel driver. The exploit achieves arbitrary kernel code execution, disables SELinux, and gains root on a Google Pixel 8 device.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Arm Mali kernel driver (Google Pixel 8, November 2023 patch)
No auth needed
Prerequisites: Google Pixel 8 device with November 2023 patch · OpenCL headers · libGLES_mali.so
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.0
EPSS 0.1241
EPSS Percentile 94.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (4)
arm/5th_gen_gpu_architecture_kernel_driver r41p0 - r47p0
arm/bifrost_gpu_kernel_driver r11p0 - r26p0
arm/midgard_gpu_kernel_driver r13p0 - r32p0
arm/valhall_gpu_kernel_driver r19p0 - r26p0
Published Mar 04, 2024
Tracked Since Feb 18, 2026