CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.

Published: May 10, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-28664
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
arm / bifrost_gpu_kernel_driver	r0p0	r29p0
arm / valhall_gpu_kernel_driver	r19p0	r29p0
arm / midgard_gpu_kernel_driver	r8p0	r31p0

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver

Vulnerability Database

CVE-2021-28664