CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
armbifrost_gpu_kernel_driver
r0p0 ≤
𝑥
< r29p0
armmidgard_gpu_kernel_driver
r8p0 ≤
𝑥
< r31p0
armvalhall_gpu_kernel_driver
r19p0 ≤
𝑥
< r29p0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver