CVE-2023-28147

Vulnerability

The Arm Mali GPU Kernel Driver contains a use-after-free vulnerability where a non-privileged user can trigger improper GPU processing operations to access already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. [1]

Exploitation

An attacker requires only non-privileged user access to the system. By performing specific GPU processing operations, the attacker can cause the driver to reference memory that has already been freed, leading to a use-after-free condition. No additional authentication or special permissions are needed beyond local user access. [1]

Impact

Successful exploitation allows the attacker to read or write freed memory, potentially leading to information disclosure or memory corruption. The attacker may escalate privileges or cause a denial of service. The exact impact depends on the memory layout and system configuration. [1]

Mitigation

Arm has released driver version r43p0 which fixes the vulnerability. Users should update to the latest driver version for their GPU architecture. For affected versions, no workaround is provided; updating is the recommended mitigation. [1]