Lucene search

[email protected]CVE-2021-28664

HistoryMay 10, 2021 - 3:15 p.m.

CVE-2021-28664

2021-05-1015:15:00

CWE-787

[email protected]

web.nvd.nist.gov

909

In Wild

arm mali gpu

kernel driver

privilege escalation

denial of service

memory corruption

cve-2021-28664

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.9%

JSON

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.

CPENameOperatorVersion
arm:bifrost_gpu_kernel_driverarm bifrost gpu kernel driverler28p0
arm:valhall_gpu_kernel_driverarm valhall gpu kernel driverler28p0
arm:midgard_gpu_kernel_driverarm midgard gpu kernel driverler30p0

CPE	Name	Operator	Version
arm:bifrost_gpu_kernel_driver	arm bifrost gpu kernel driver	le	r28p0
arm:valhall_gpu_kernel_driver	arm valhall gpu kernel driver	le	r28p0
arm:midgard_gpu_kernel_driver	arm midgard gpu kernel driver	le	r30p0