CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
armbifrost_gpu_kernel_driver
r0p0 ≤
𝑥
< r29p0
armmidgard_gpu_kernel_driver
r4p0 ≤
𝑥
< r31p0
armvalhall_gpu_kernel_driver
r19p0 ≤
𝑥
< r29p0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
armbifrost_gpu_kernel_driver
𝑥
≤ r28p0
ADP
armvalhall_gpu_kernel_driver
𝑥
≤ r28p0
ADP
armmidgard_gpu_kernel_driver
𝑥
≤ r30p0
ADP
Common Weakness Enumeration
References
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
https://github.com/lntrx/CVE-2021-28663
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
https://github.com/lntrx/CVE-2021-28663
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28663