CVE-2021-29256
published 2021-05-24CVE-2021-29256: . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation…
PriorityP182high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-07-28
Exploited in the wild
EPSS
3.02%
85.8th percentile
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | >= r16p0 < r30p0 | r30p0 |
| arm | midgard_gpu_kernel_driver | >= r28p0 < r31p0 | r31p0 |
| arm | valhall_gpu_kernel_driver | >= r19p0 < r30p0 | r30p0 |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target is the Arm Mali GPU kernel driver; look for unprivileged processes interacting with Mali GPU kernel driver interfaces (Bifrost, Valhall, Midgard) that result in use-after-free conditions leading to privilege escalation or memory disclosure. ↗
- →Flag any process running at low privilege that subsequently gains root — particularly on Android devices with Mali GPUs — as a potential exploitation indicator for this UAF vulnerability. ↗
- →Scope detection to Mali GPU driver versions: Bifrost r16p0–r29p0, Valhall r19p0–r29p0, and Midgard r28p0–r30p0 (all before r30p0 fix). Audit installed driver versions on Android/Linux devices with Mali GPUs. ↗
- →Android Security Bulletin reference A-283489460 can be used to cross-reference patched builds; devices missing the 2023-07-01 Android security patch level on Mali-equipped hardware remain vulnerable. ↗
- ·Midgard r30p0 is listed as an affected version (not a fixed version), unlike Bifrost and Valhall where r30p0 is the fix. Ensure detection/patching scope correctly distinguishes Midgard r28p0–r30p0 as all vulnerable. ↗
- ·The Android Security Bulletin entry is marked with an asterisk (*) on the reference A-283489460, which typically indicates the patch is not publicly available — verify patch availability through OEM channels before assuming remediation. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gm4q-9jx5-3gfv
ghsa_unreviewed·2022-05-24
CVE-2021-29256 [HIGH] CWE-416 GHSA-gm4q-9jx5-3gfv
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
VulnCheck
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
vulncheck·2021·CVSS 8.8
CVE-2021-29256 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Affected: Arm Mali Graphics Processing Unit (GPU)
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Exploitation References: https://source.android.com/docs/security/bulletin/2023-07-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-07-28
CISA
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
cisa·2023-07-07·CVSS 8.8
CVE-2021-29256 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Vulnerability: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Affected: Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2021-29256
Remediation Due Date: 2023-07-28
Android
CVE-2021-29256: Mali
vendor_android·2023-07-01·CVSS 8.8
CVE-2021-29256 [HIGH] CVE-2021-29256: Mali
Android Security Bulletin 2023-07-01
CVE: CVE-2021-29256
Severity: HIGH
Component: Mali
References: A-283489460*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-05-24
Published
2023-07-07
Added to CISA KEV
Exploited in the wild