CVE-2023-44216

Опубликовано: 27 сент. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Ссылки

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
Press/Media Coverage
Third Party Advisory
https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
Press/Media Coverage
https://blog.imaginationtech.com/reducing-bandwidth-pvric/
Press/Media Coverage
https://github.com/UT-Security/gpu-zip
Third Party Advisory
https://news.ycombinator.com/item?id=37663159
Issue Tracking
https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
Press/Media Coverage
https://www.hertzbleed.com/gpu.zip/
Technical Description
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Exploit
https://www.w3.org/TR/filter-effects-1/
Exploit
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
Press/Media Coverage
Third Party Advisory
https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
Press/Media Coverage
https://blog.imaginationtech.com/reducing-bandwidth-pvric/
Press/Media Coverage
https://github.com/UT-Security/gpu-zip
Third Party Advisory
https://news.ycombinator.com/item?id=37663159
Issue Tracking
https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
Press/Media Coverage
https://www.hertzbleed.com/gpu.zip/
Technical Description
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Exploit
https://www.w3.org/TR/filter-effects-1/
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Одно из

cpe:2.3:h:amd:ryzen_7_4800u:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7-12700k:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7-8700:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:microsoft:windows_11:-:*:*:*:professional:*:*:*

cpe:2.3:h:intel:core_i7-10610u:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:microsoft:windows_11:-:*:*:*:home:*:*:*

Одно из

cpe:2.3:h:intel:core_i7-11800h:-:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:geforce_rtx_3060:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:microsoft:windows_10:-:*:*:*:pro:*:*:*

Одно из

cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:geforce_rtx_2080_super:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:apple:macos:13.1:*:*:*:*:*:*:*

cpe:2.3:h:apple:m1_mac_mini:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00494

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-203

Связанные уязвимости

CVE-2023-44216

CVSS3: 5.3

ubuntu

больше 2 лет назад

GHSA-fjqr-32v8-6gf9

CVSS3: 5.3

github

больше 2 лет назад

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

EPSS

Процентиль: 65%

0.00494

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-203