Vulnerability Details CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v3 Score 5.3
References
- https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
- https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
- https://blog.imaginationtech.com/reducing-bandwidth-pvric/
- https://github.com/UT-Security/gpu-zip
- https://news.ycombinator.com/item?id=37663159
- https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
- https://www.hertzbleed.com/gpu.zip/
- https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
- https://www.w3.org/TR/filter-effects-1/
- https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
- https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/
- https://blog.imaginationtech.com/reducing-bandwidth-pvric/
- https://github.com/UT-Security/gpu-zip
- https://news.ycombinator.com/item?id=37663159
- https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/
- https://www.hertzbleed.com/gpu.zip/
- https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
- https://www.w3.org/TR/filter-effects-1/
Products affected by CVE-2023-44216
-
cpe:2.3:h:amd:ryzen_5_7600x:-
-
cpe:2.3:h:amd:ryzen_7_4800u:-
-
cpe:2.3:h:apple:m1_mac_mini:-
-
cpe:2.3:h:google:pixel_6:-
-
cpe:2.3:h:intel:core_i7-10510u:-
-
cpe:2.3:h:intel:core_i7-10610u:-
-
cpe:2.3:h:intel:core_i7-11800h:-
-
cpe:2.3:h:intel:core_i7-12700k:-
-
cpe:2.3:h:intel:core_i7-8700:-
-
cpe:2.3:h:nvidia:geforce_rtx_2080_super:-
-
cpe:2.3:h:nvidia:geforce_rtx_3060:-
-
cpe:2.3:o:apple:macos:13.1
-
cpe:2.3:o:canonical:ubuntu_linux:22.04
-
cpe:2.3:o:google:android:13.0
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_11:-