About ARM security advisory: CVE-2023-5427 –  improper GPU memory processing operations to gain access to already freed memory (4th Dec 2023)

Preface: If you need memory to live beyond the life of the current function, you need to allocate it on the heap with malloc and manage it yourself.

Background: The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali GPUs that are part of the Open Source Mali 5th Gen GPU Architecture Kernel Drivers family.

These components are not a complete driver stack. To build a functional OpenGL ES you need access to the full source code of the Mali GPU DDK, which is provided under the standard Arm commercial licence to all Mali GPU customers.

Vulnerability details: A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.

Affects:

Bifrost GPU Kernel Driver: All versions from r44p0 – r45p0

Valhall GPU Kernel Driver: All versions from r44p0 – r45p0

Arm 5th Gen GPU Architecture Kernel Driver: All versions from r44p0 – r45p0

Resolution: This issue is fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r46p0. Users are recommended to upgrade if they are impacted by this issue.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.