Vulnerability Details : CVE-2023-5643
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-5643
- cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*
- ARM » 5th Gen Gpu Architecture Kernel DriverVersions from including (>=) r41p0 and before (<) r46p0cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5643
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 14 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5643
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-02-13 |
CWE ids for CVE-2023-5643
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- arm-security@arm.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-5643
-
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Mali GPU Driver VulnerabilitiesVendor Advisory
Jump to