What is CVE-2021-28663?

CVE-2021-28663 is a use-after-free vulnerability in the Arm Mali GPU kernel driver that allows privilege escalation or information disclosure.

Which software is affected by CVE-2021-28663?

CVE-2021-28663 affects Arm Mali Graphics Processing Unit (GPU) and Android.

What is the severity of CVE-2021-28663?

The severity of CVE-2021-28663 is critical, with a CVSS score of 8.8.

How can CVE-2021-28663 be exploited?

CVE-2021-28663 can be exploited by mishandling GPU memory operations, leading to a use-after-free vulnerability.

How can I fix CVE-2021-28663?

To fix CVE-2021-28663, update the Arm Mali GPU kernel driver to a version later than r29p0 for Bifrost, Valhall, and Midgard.

Vulnerability/
CVE-2021-28663

Exploited

critical

CWE

416

3/5/2021

10/5/2021

13/8/2024

CVE-2021-28663: Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability

First published: Mon May 03 2021(Updated: )

Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Arm Bifrost Gpu Kernel Driver	>=r0p0<=r28p0
Arm Midguard Gpu Kernel Driver	>=r4p0<=r30p0
Arm Valhall Gpu Kernel Driver	>=r19p0<=r28p0
Google Android
Arm Mali Graphics Processing Unit (GPU)
	>=r0p0<r29p0
	>=r4p0<r31p0
	>=r19p0<r29p0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-28663?
CVE-2021-28663 is a use-after-free vulnerability in the Arm Mali GPU kernel driver that allows privilege escalation or information disclosure.
Which software is affected by CVE-2021-28663?
CVE-2021-28663 affects Arm Mali Graphics Processing Unit (GPU) and Android.
What is the severity of CVE-2021-28663?
The severity of CVE-2021-28663 is critical, with a CVSS score of 8.8.
How can CVE-2021-28663 be exploited?
CVE-2021-28663 can be exploited by mishandling GPU memory operations, leading to a use-after-free vulnerability.
How can I fix CVE-2021-28663?
To fix CVE-2021-28663, update the Arm Mali GPU kernel driver to a version later than r29p0 for Bifrost, Valhall, and Midgard.

collector/nvd-index
agent/type
agent/first-publish-date
agent/title
agent/severity
agent/weakness
agent/description
agent/softwarecombine
agent/event
collector/android-source
source/Android
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
exploited/true
collector/cisa-known-exploited
source/CISA
agent/references
agent/tags
agent/author
collector/nvd-cve
vendor/arm
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r0p0
version/arm bifrost gpu kernel driver/r28p0
canonical/arm midguard gpu kernel driver
version/arm midguard gpu kernel driver/r4p0
version/arm midguard gpu kernel driver/r30p0
canonical/arm valhall gpu kernel driver
version/arm valhall gpu kernel driver/r19p0
version/arm valhall gpu kernel driver/r28p0
vendor/google
canonical/google android
canonical/arm midgard gpu kernel driver
version/arm midgard gpu kernel driver/r4p0
canonical/arm mali graphics processing unit (gpu)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.