CVE-2023-26085

Name of the Vulnerable Software and Affected Versions Arm NN Android-NN-Driver versions prior to 23.02

Description A possible out-of-bounds read and write was discovered due to an improper length check of shared memory. This issue could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability is related to a missing bounds check in the CopyTensorContentsGeneric function of WorkloadUtils.hpp.

Recommendations For Arm NN Android-NN-Driver versions prior to 23.02, update to version 23.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the shared memory to minimize the risk of exploitation.