CVE-2023-5643

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in Arm Mali GPU kernel drivers that allows a local non-privileged user to perform improper GPU memory operations. If exploited, it could write beyond buffer boundaries, potentially leading to privilege escalation or system compromise. It affects Bifrost, Valhall, and Arm 5th Gen GPU Architecture kernel drivers from versions r41p0 through r45p0.

💻 Affected Systems

Products:
  • Arm Ltd Bifrost GPU Kernel Driver
  • Arm Ltd Valhall GPU Kernel Driver
  • Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
Versions: r41p0 through r45p0
Operating Systems: Android, Linux distributions with affected Mali GPU drivers
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Mali GPU hardware with vulnerable driver versions. Requires local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level access, enabling full system compromise, data theft, or persistent malware installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain elevated privileges on affected systems.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and GPU driver permissions.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Any local user (including compromised accounts) could potentially exploit this vulnerability to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires careful memory preparation by the attacker and depends on specific GPU driver configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after r45p0

Vendor Advisory: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Restart Required: Yes

Instructions:

1. Check current Mali GPU driver version.
2. Update to version r46p0 or later from Arm's official sources.
3. Reboot the system to load the patched driver.

🔧 Temporary Workarounds

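Restrict GPU driver access (Linux)

Limit access to the GPU driver interface to reduce attack surface. After this change, processes that do not run as root can no longer open /dev/mali0, so applications that use the GPU through that node will stop working for non-root users.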

chmod 600 /dev/mali0
chown root:root /dev/mali0

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable drivers
  • Implement strict privilege separation and limit GPU driver permissions

🔍 How to Verify

Check if Vulnerable:

Check Mali GPU driver version: cat /sys/class/misc/mali0/device/driver/version or dmesg | grep -i mali

Check Version:

cat /sys/class/misc/mali0/device/driver/version 2>/dev/null || dmesg | grep -i 'mali.*driver.*version'

Verify Fix Applied:

Verify driver version is r46p0 or later after update and reboot
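
An added example (not from Arm or from the original page): a shell helper that classifies a Mali driver version string against the range stated above, r41p0 through r45p0 affected and r46p0 or later fixed. The function names and the result labels, including `check-advisory` for r45 patch levels above p0 that the page does not classify, are assumptions of this example, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify a Mali kernel driver version (rNNpM) against this page's range.
# Affected: r41p0 through r45p0. Fixed: r46p0 or later.

mali_classify() {
    # Take the first rNNpM token from arbitrary text (a sysfs value or a dmesg line).
    ver=$(printf '%s\n' "$1" | grep -Eo 'r[0-9]+p[0-9]+' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"            # no version token found; do not assume safe
        return 0
    fi
    rel=${ver#r}; rel=${rel%%p*}  # release number, e.g. 44 from r44p0
    pat=${ver##*p}                # patch number,   e.g. 0  from r44p0

    if [ "$rel" -ge 46 ]; then
        echo "fixed"
    elif [ "$rel" -eq 45 ] && [ "$pat" -gt 0 ]; then
        # Later than r45p0 but earlier than r46p0: not classified on this page.
        echo "check-advisory"
    elif [ "$rel" -ge 41 ]; then
        echo "affected"
    else
        echo "outside-range"      # older than r41p0, not in the listed range
    fi
}

# Read the version the way the "Check Version" command above does, then classify it.
mali_check_host() {
    raw=$( { cat /sys/class/misc/mali0/device/driver/version 2>/dev/null ||
             dmesg 2>/dev/null | grep -i 'mali.*driver.*version'; } | head -n 1 )
    mali_classify "$raw"
}

# Constructed sample inputs (not taken from a real device).
for sample in \
    "r40p0" \
    "r41p0-01eac0" \
    "mali 13000000.gpu: Mali driver version r44p0" \
    "r45p0" \
    "r45p1" \
    "r46p0" \
    "no version here"
do
    printf '%-48s -> %s\n' "$sample" "$(mali_classify "$sample")"
done
```

On a device, call `mali_check_host` and treat `unknown` and `check-advisory` as needing manual confirmation against the vendor advisory.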

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing memory access violations
  • GPU driver crash logs
  • Unexpected privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("mali" OR "gpu") AND ("segfault" OR "oops" OR "access violation")
