9
CVE-2021-28664
- EPSS 0.13%
- Published 10.05.2021 15:15:07
- Last modified 03.04.2025 19:15:16
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
Data is provided by the National Vulnerability Database (NVD)
Arm ≫ Bifrost Gpu Kernel Driver Version >= r0p0 < r29p0
Arm ≫ Midgard Gpu Kernel Driver Version >= r8p0 < r31p0
Arm ≫ Valhall Gpu Kernel Driver Version >= r19p0 < r29p0
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability
VulnerabilityArm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.338 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.