Cyber Resilience

CVE-2023-22808

Low

Published: 11 April 2023

Modified: 11 February 2025
KEV Added
Patch
CVSS Score v3.1: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0025 (48.7th percentile)
Risk Priority: 7 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-22808 is a low-severity Out-of-bounds Read (CWE-125) vulnerability in the Arm Avalon Android Gralloc Module. Its CVSS base score is 3.3 (Low).

Operationally, it ranks at the 48.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
arm | avalon android gralloc module | r41p0
arm | bifrost android gralloc module | r24p0 — r41p0
arm | valhall android gralloc module | r24p0 — r41p0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
