⚠ Actively exploited
Added to CISA KEV on 2023-07-07. Federal agencies required to patch by 2023-07-28. Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CVE-2021-29256: Use After Free in ARM Bifrost GPU Kernel Driver

CWE-416: Use After Free (5 documents, 5 sources)

Severity: 8.8 HIGH (NVD)
EPSS: 0.5% (top 34.14%)
CISA KEV: Added 2023-07-07, due 2023-07-28
Exploit: Exploited in the wild; active exploitation observed
Timeline: Published May 24; KEV added Jul 7; KEV due Jul 28

Description

The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: arm/bifrost_gpu_kernel_driver, r16p0 – r30p0
NVD: arm/midgard_gpu_kernel_driver, r28p0 – r31p0
NVD: arm/valhall_gpu_kernel_driver, r19p0 – r30p0

🔴 Vulnerability Details (2)

GHSA: GHSA-gm4q-9jx5-3gfv (2022-05-24)
VulnCheck: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (2021)

📋 Vendor Advisories (2)

CISA: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (2023-07-07)
Android: CVE-2021-29256: Mali (2023-07-01)