CVE-2023-4211
ENISA EUVD: EUVD-2023-54085 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
3 articles
Published: 2023-10-01
EPSS Score
Source: FIRST.org · 2026-05-23
0.2%
probability
This CVE has a 0.2% probability
of being exploited in the next 30 days.
0%
Top 42.2th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)5.5
MEDIUM
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description
VulnerabilityLookup (CNA)A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Affected Products
Arm Ltd
Midgard GPU Kernel Driver
r12p0
Arm Ltd
Bifrost GPU Kernel Driver
r0p0
Arm Ltd
Valhall GPU Kernel Driver
r19p0
Arm Ltd
Arm 5th Gen GPU Architecture Kernel Driver
r41p0
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
Oct. 2, 2023
Reported by
Maddie Stone of Google's Threat Analysis Group and Jann Horn of Google Project Zero
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-4211.html
Signal Intelligence
Confidence
95%
EPSS
0.2%
CVSS v3.1
5.5
Mentions
3
Last Seen
Oct 03, 2023
CNA Information
CNA Assigner
Arm
CNA Title
Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateOct 01, 2023