CVE-2023-34970

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory

Published: Oct 3, 2023
Updated: Oct 6, 2023
CVE: CVE-2023-34970
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
arm / valhall_gpu_kernel_driver	r44p0	r44p0.x
arm / mali_gpu_kernel_driver	r44p0	r44p0.x

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Vulnerability Database

CVE-2023-34970