Memory leak in Chrome OS

#VU85579 Memory leak in Chrome OS

Cybersecurity Help s.r.o.

Published: 2024-01-18

Vulnerability identifier: #VU85579

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4969

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Chrome OS
Operating systems & Components / Operating system

Vendor:

Description
The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak through an optimized GPU memory region called _local memory_ on various architectures. A local user can read sensitive data from another GPU kernel.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions
http://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html
http://kb.cert.org/vuls/id/446598
http://blog.trailofbits.com
http://www.kb.cert.org/vuls/id/446598

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google ChromeOS TLS

Information disclosure in Google ChromeOS