CVE-2023-6143 – A use-after-free vulnerability in Arm Mali GPU ... (How to Fix)

Q: What is the severity of CVE-2023-6143?

CVE-2023-6143 has a CVSS score of 8.4 (HIGH). A use-after-free vulnerability in Arm Mali GPU kernel drivers allows local non-privileged users to exploit a race condition under heavy system load to perform improper memory operations. This could lead to privilege escalation or system instability. Affects multiple Arm GPU driver families across specific version ranges.

📋 TL;DR

A use-after-free vulnerability in Arm Mali GPU kernel drivers allows local non-privileged users to exploit a race condition under heavy system load to perform improper memory operations. This could lead to privilege escalation or system instability. Affects multiple Arm GPU driver families across specific version ranges.

💻 Affected Systems

Products:

Arm Midgard GPU Kernel Driver
Arm Bifrost GPU Kernel Driver
Arm Valhall GPU Kernel Driver
Arm 5th Gen GPU Architecture Kernel Driver

Versions: Midgard: r13p0 through r32p0; Bifrost: r1p0 through r18p0; Valhall: r37p0 through r46p0; 5th Gen: r41p0 through r46p0

Operating Systems: Android, Linux distributions with affected Arm Mali drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Arm Mali GPUs using vulnerable driver versions. Requires local access and heavy system load conditions for reliable exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level access, potentially leading to full system compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated privileges on the affected system, potentially leading to further lateral movement.

🟢

If Mitigated

Denial of service or application crashes if exploitation attempts fail or are detected by security controls.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.

🏢 Internal Only: HIGH - Local attackers or compromised user accounts can exploit this to escalate privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access, careful memory preparation, and heavy system load to trigger the race condition reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions beyond the affected ranges: Midgard > r32p0, Bifrost > r18p0, Valhall > r46p0, 5th Gen > r46p0

Vendor Advisory: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Restart Required: Yes

Instructions:

1. Check current driver version. 2. Update to patched driver version from Arm or device manufacturer. 3. Reboot system to load new driver. 4. Verify driver version post-update.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts and implement strict access controls to reduce attack surface.

Monitor system load

linux

Implement monitoring for abnormal system load patterns that could indicate exploitation attempts.

🧯 If You Can't Patch

Implement strict local access controls and least privilege principles
Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check GPU driver version via: cat /sys/kernel/debug/mali0/version or similar driver-specific location

Check Version:

cat /sys/kernel/debug/mali0/version 2>/dev/null || dmesg | grep -i mali

Verify Fix Applied:

Verify driver version is outside affected ranges after update using same version check command

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
GPU driver crash messages
Abnormal memory access patterns in kernel logs

Network Indicators:

None - local exploitation only

SIEM Query:

source="kernel" AND ("mali" OR "gpu") AND ("panic" OR "crash" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2023-6143

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: March 4, 2024

Last Updated: March 27, 2025

🔗 References

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Vendor Advisory
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6143, you might also want to check these: