Preface: The kernel doesn’t have libc or system calls if you’re not running in user mode.
Background: Open Source Mali Midgard GPU Kernel Drivers – The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali-T6xx, Mali-T7xx and Mali-T8xx series GPUs.
Under normal circumstances once kernel driver and user-space libraries are installed, you can enable OpenCL support with:
echo “libmali[.]so” | sudo tee /etc/OpenCL/vendors/mali[.]icd
And check it is found with:
sudo clinfo
Vulnerability details: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Reminder: If vulnerability category as CWE-401 – Improper Release of Memory Before Removing Last Reference (‘Memory Leak’). Whether If it can be reuse. If it can, the risk rating will be higher.
Product: Arm Avalon GPU Kernel Driver
CVSS Score: 5.5
** KEV since 2023-04-07 **
Official announcement: NVD – https://nvd.nist.gov/vuln/detail/CVE-2023-26083