Arm Mali GPU Kernel Driver Information Disclosure Vulnerability (CVE-2023-26083)
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
A local attacker, with a low-privilege account, can achieve partial data exposure. Federal agencies are required to remediate by 2023-04-28 under CISA BOD 22-01.
This is a Software Vulnerability (CWE-401) (CWE-401) vulnerability in Arm Mali Graphics Processing Unit (GPU). Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2023-04-07 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2023-04-28.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.