Cyber Resilience

CVE-2023-4211

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 01 October 2023

Published
01 October 2023
Modified
26 February 2026
KEV Added
03 October 2023
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0027 50.5th percentile
Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-4211 is a medium-severity Use After Free (CWE-416) vulnerability in Arm 5Th Gen Gpu Architecture Kernel Driver. Its CVSS base score is 5.5 (Medium).

Operationally, ranked in the top 49.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-16 (Memory Protection).

Deeper analysis

A use-after-free vulnerability tracked as CVE-2023-4211 affects the Arm Mali GPU driver. The flaw stems from improper GPU memory processing operations that allow a local non-privileged user to access memory that has already been freed, corresponding to CWE-416 and carrying a CVSS 3.1 score of 5.5 with high confidentiality impact.

A local attacker with low privileges can trigger the condition through crafted GPU operations to read sensitive data from freed memory regions. No user interaction or elevated rights are required, limiting the attack to the local system but enabling direct information disclosure.

Arm has published driver updates addressing the Mali GPU vulnerabilities on its security advisory page. The issue also appears in CISA's catalog of known exploited vulnerabilities, confirming real-world exploitation activity.

EPSS for the CVE rose sharply from a low baseline to a peak of 0.2126 on 2023-10-05 before receding to its current value of 0.0020, indicating a temporary surge in exploitation interest following disclosure.

EU & UK References

Vulnerability details

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

CWE(s)
KEV Date Added
03 October 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

arm
5th gen gpu architecture kernel driver
r41p0 — r43p0
arm
bifrost gpu kernel driver
r0p0 — r43p0
arm
midgard gpu kernel driver
r12p0 — r32p0
arm
valhall gpu kernel driver
r19p0 — r43p0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements memory protection safeguards that block use-after-free access to already-freed GPU memory regions.

prevent

Enforces authorization checks on all GPU memory operations so a non-privileged user cannot reach freed regions.

prevent

Maintains separate execution domains that limit a local process's ability to perform improper GPU memory operations across freed allocations.

References