CVE-2021-44828
published 2022-01-14CVE-2021-44828: Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.26%
17.5th percentile
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | r0p0 – r34p0 | — |
| arm | midgard_gpu_kernel_driver | r26p0 – r30p0 | — |
| arm | valhall_gpu_kernel_driver | r19p0 – r34p0 | — |
| android | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qcq7-c3jg-v7g4: Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to
ghsa_unreviewed·2022-01-15
CVE-2021-44828 [HIGH] CWE-269 GHSA-qcq7-c3jg-v7g4: Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
Project0
Project Zero RCA: CVE-2022-22706 / CVE-2021-39793: Mali GPU driver makes read-only imported pages host-writable
project_zero·CVSS 8.8
CVE-2021-39793 [HIGH] Project Zero RCA: CVE-2022-22706 / CVE-2021-39793: Mali GPU driver makes read-only imported pages host-writable
# CVE-2022-22706 / CVE-2021-39793: Mali GPU driver makes read-only imported pages host-writable
*Jann Horn*
## The Basics
**Disclosure or Patch Date:** March 7, 2022
**Product:** Arm Mali GPU driver for Linux/Android
**Advisory:**
- from Arm (upstream): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- from Google Pixel: https://source.android.com/security/bulletin/pixel/2022-03-01#pixel
**Affected Versions:** see Arm advisory (note that the affected version range
for the Bifrost version of the related CVE-2021-28664 seems to be off-by-one)
**First Patched Version:**
- for Arm: see Arm advisory
- for Pixel: patch level 2022-03-05
**Issue/Bug Report:** N/A
**Patch CL:** https://android.googlesource.com/kernel/google-modules/gpu/+/5381ff7b410
Android
CVE-2021-44828: Mali
vendor_android·2023-10-01·CVSS 7.8
CVE-2021-44828 [HIGH] CVE-2021-44828: Mali
Android Security Bulletin 2023-10-01
CVE: CVE-2021-44828
Severity: HIGH
Component: Mali
References: A-296461583
*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-01-14
Published