CVE-2023-6241

Name of the Vulnerable Software and Affected Versions Arm Ltd Midgard GPU Kernel Driver versions r13p0 through r32p0 Arm Ltd Bifrost GPU Kernel Driver versions r11p0 through r25p0 Arm Ltd Valhall GPU Kernel Driver versions r19p0 through r25p0, versions r29p0 through r46p0 Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r41p0 through r46p0

Description The issue is related to a Use After Free vulnerability in the Arm Mali GPU drivers, which can be exploited by a local non-privileged user to perform improper memory processing operations. This can lead to arbitrary kernel code execution and potentially gain root access on an Android device, even with Memory Tagging Extension (MTE) enabled. The vulnerability is caused by the use of memory after it has been freed.

Recommendations For Arm Ltd Midgard GPU Kernel Driver versions r13p0 through r32p0, update to a version outside of this range to resolve the issue. For Arm Ltd Bifrost GPU Kernel Driver versions r11p0 through r25p0, update to a version outside of this range to resolve the issue. For Arm Ltd Valhall GPU Kernel Driver versions r19p0 through r25p0 and versions r29p0 through r46p0, update to a version outside of these ranges to resolve the issue. For Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r41p0 through r46p0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the vulnerable GPU drivers until a patch is available. Restrict access to the vulnerable drivers to minimize the risk of exploitation. Avoid using the affected GPU drivers in sensitive operations until the issue is resolved.