Headline
CVE-2023-26083: Memory leak in ARM Hardware solutions
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Vulnerability identifier: #VU74210
Vulnerability risk: High
CVSSv3.1:
CVE-ID: CVE-2023-26083
CWE-ID: CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Midgard GPU Kernel Driver
Hardware solutions / Drivers
ARM Avalon GPU Kernel Driver
Hardware solutions / Drivers
Bifrost GPU Kernel Driver
Hardware solutions / Drivers
Valhall GPU Kernel Driver
Hardware solutions / Drivers
Vendor: ARM
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
Mitigation
Install update from vendor’s website.
Vulnerable software versions
Midgard GPU Kernel Driver: All versions
ARM Avalon GPU Kernel Driver: r41p0 - r42p0
CPE
- cpe:2.3:h:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*
External links
http://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
http://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#CVE-2023-26083
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
Related news
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0 Valhall GPU Kernel Driver: All versions from r19p0 -
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially
Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: 2023-07-05 Tags: CVE2021-29256 Tags: CVE-2023-26083 Tags: CVE-2023-2136 Tags: CVE-2023-21250 Tags: ARM Tags: Skia Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities. (Read more...) The post Update Android now! Google patches three actively exploited zero-days appeared first on Malwarebytes Labs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These