Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-29256

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Published

2021-05-24T18:15:08.033

Last Modified

2025-04-07T13:08:28.870

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-416
Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	arm	bifrost_gpu_kernel_driver	< r30p0	Yes
Application	arm	midgard_gpu_kernel_driver	< r31p0	Yes
Application	arm	valhall_gpu_kernel_driver	< r30p0	Yes

References

https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver Vendor Advisory ([email protected])
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)