CVE-2023-34970: ARM Security Advisory published a number of design flaws. Can we guess what this CVE is about? (4th Oct 2023)

Preface: Rather than processing tasks serially (sequentially) like a CPU, a GPU breaks up tasks and runs them in parallel. GPUs have many more cores than CPUs.

Background: The Roofline model is an intuitive visual performance model used to provide performance estimates of a given compute kernel or application running on multi-core, many-core, or accelerator processor architectures, by showing inherent hardware limitations, and potential benefit and priority of optimizations.

The kernel is memory bound, and the corresponding dot it close to L2 Bandwidth roof.

Ref: Suppose we have a mapping φ:Rn→Rm that brings our vectors in Rn to some feature space Rm. Then the dot product of x and y in this space is φ(x)Tφ(y). A kernel is a function k that corresponds to this dot product, i.e. k(x,y)=φ(x)Tφ(y)

Mali Offline Compiler is a command-line tool that you can use to compile all shaders and kernels from OpenGL ES, Vulkan and OpenCL.

Even though data is not organized in blocks in the source code, the compiler recognizes the pattern and optimizes access to matrix arrays.

Vulnerability details: A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

Official announcement: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.