CVE-2021-28663
Published 2021-05-10
Priority P1 84 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2021-11-17
Exploited in the wild
EPSS 12.08% (95.6th percentile)
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | >= r0p0 < r29p0 | r29p0 |
| arm | midgard_gpu_kernel_driver | >= r4p0 < r31p0 | r31p0 |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r29p0 | r29p0 |
| android | — | — | |
Detection & IOCs (extracted from sources)
- Vulnerability is in the Arm Mali GPU kernel driver; target affected driver versions: Bifrost r0p0 through r28p0 (before r29p0), Valhall r19p0 through r28p0 (before r29p0), and Midgard r4p0 through r30p0
- Exploitation vector is a non-privileged (low-privilege) user process making improper GPU memory operations via the Mali kernel driver to achieve root privilege escalation or information disclosure — monitor for unexpected privilege escalation from low-privileged processes interacting with Mali GPU driver ioctls
- Root cause is a use-after-free in GPU memory operation handling in the Mali kernel driver; audit kernel crash dumps or KASAN/KFENCE reports referencing Mali GPU memory paths for exploitation evidence
- Android Security Bulletin reference A-174259860 can be used to cross-reference patch status on Android devices; check for the 2021-05-01 security patch level as the minimum remediated baseline
- The vulnerability is marked with an asterisk (A-174259860*) in the Android Security Bulletin, indicating the patch may not be publicly available; detection and patching may depend on OEM-specific driver updates
- This CVE is listed in CISA's Known Exploited Vulnerabilities catalog, confirming active in-the-wild exploitation; treat any unpatched Mali GPU driver in the affected version ranges as actively at risk
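CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |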
GHSA
GHSA-2rc2-892p-6hc2 · ghsa_unreviewed · 2022-05-24 · CVE-2021-28663 [HIGH] CWE-416
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
Project0
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
OSV
CVE-2021-28663: In kbase_mem_from_user_buffer of mali_kbase_mem_linux
osv·2021-05-01
In kbase_mem_from_user_buffer of mali_kbase_mem_linux.c, there is a possible remapping of shared read-only memory as write-able due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
VulnCheck
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
vulncheck·2021·CVSS 8.8
CVE-2021-28663 [HIGH] CWE-416 Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.
Affected: Arm Mali Graphics Processing Unit (GPU)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors.pdf
Exploit PoC: https://vulncheck.com/xdb/7fe79c6d9e0d
Remediat
CISA
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2021-28663 [HIGH] CWE-416 Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Vulnerability: Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Affected: Arm Mali Graphics Processing Unit (GPU)
Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-28663
Remediation Due Date: 2021-11-17
Android
CVE-2021-28663: Mali
vendor_android·2021-05-01·CVSS 8.8
CVE-2021-28663 [HIGH] CVE-2021-28663: Mali
Android Security Bulletin 2021-05-01
CVE: CVE-2021-28663
Severity: HIGH
Component: Mali
References: A-174259860*
No detection rules found.
No public exploits indexed.
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
- https://github.com/lntrx/CVE-2021-28663
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28663
2021-05-10: Published
2021-11-03: Added to CISA KEV
Exploited in the wild