Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-28663


The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.


Published

2021-05-10T15:15:07.557

Last Modified

2025-03-14T17:09:07.347

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-416
  • Type: Secondary
    CWE-416

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application arm bifrost_gpu_kernel_driver < r29p0 Yes
Application arm midgard_gpu_kernel_driver < r31p0 Yes
Application arm valhall_gpu_kernel_driver < r29p0 Yes

References