CVE-2023-4211: Mali GPU Kernel Driver allows improper GPU memory processing operations (2nd Oct 2023)

Preface: Double Free and Use After Free are Common IoT Security Weaknesses.

For example: Calling free() twice on the same value causes a memory leak. So, it is easy to encounter this design weakness.

Background: Arm Mali-G720, is designed on the Arm 5th Gen architecture to deliver improved performance while reducing memory bandwidth usage, power consumption, and CPU load. Even more powerful than its predecessor, the Mali-G715 GPU, Mali-G720 takes full advantage of advanced GPU technologies that can power immersive games and intelligent AI applications across a broad range of devices.

Vulnerability details: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Impact will occur on these specific products:

Midgard GPU Kernel  Driver: All versions from r12p0 – r32p0

Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0

Valhall GPU Kernel Driver: All versions from r19p0 – r42p0

Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0

Official announcement: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.