Vulnerability Description
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Bifrost GPU Kernel Driver | >= r0p0, < r29p0 |
| Arm | Midgard GPU Kernel Driver | >= r4p0, < r31p0 |
| Arm | Valhall GPU Kernel Driver | >= r19p0, < r29p0 |
Related Weaknesses (CWE)
References
- https://developer.arm.com/support/arm-security-updates (Vendor Advisory)
- https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver (Vendor Advisory)
- https://github.com/lntrx/CVE-2021-28663 (Exploit)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
FAQ
What is CVE-2021-28663?
CVE-2021-28663 is a vulnerability with a CVSS score of 8.8 (HIGH). The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 ...
How severe is CVE-2021-28663?
CVE-2021-28663 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28663?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Bifrost GPU Kernel Driver, Arm Midgard GPU Kernel Driver, Arm Valhall GPU Kernel Driver.