Privilege Escalation and Denial of Service Vulnerability in Arm Mali GPU Driver
CVE-2021-28664

8.8HIGH

Key Information:

Vendor: Arm
Status: Bifrost Gpu Kernel Driver; Midguard Gpu Kernel Driver; Valhall Gpu Kernel Driver
Vendor: CVE Published:; 10 May 2021

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2021-28664?

The Arm Mali GPU kernel driver exhibits a significant vulnerability allowing unprivileged users to obtain read/write access to restricted pages. This flaw can result in privilege escalation or cause a denial of service through memory corruption. The affected versions include various releases of the Bifrost, Valhall, and Midgard architectures, which can have severe implications for system security.

CISA has reported CVE-2021-28664

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-28664 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://developer.arm.com/support/arm-security-updates

https://developer.arm.com/support/arm-security-updates/ma...

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Nov 3, 2021
🦅
CISA Reported
Nov 3, 2021
Vulnerability published
May 10, 2021
Vulnerability Reserved
Mar 18, 2021