The vulnerability was used as part of exploitation chain against Samsung Internet Browser and targeted victims in December 2022 with one-time links sent via SMS to devices located in the United Arab Emirates (UAE).
Vulnerability details
Advisory: SB2023033049 - Information disclosure in ARM Mali GPU kernel drivers
Vulnerable component: Valhall GPU Kernel Driver
CVE-ID: CVE-2023-26083
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Description:
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
External links:
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/