CVE-2021-28664: Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability
First published: Mon May 03 2021(Updated: )
Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Bifrost Gpu Kernel Driver | >=r0p0<=r28p0 | |
| Arm Midguard Gpu Kernel Driver | >=r8p0<=r30p0 | |
| Arm Valhall Gpu Kernel Driver | >=r19p0<=r28p0 | |
| Google Android | ||
| Arm Mali Graphics Processing Unit (GPU) | ||
| Arm Bifrost Gpu Kernel Driver | >=r0p0<r29p0 | |
| Arm Midgard Gpu Kernel Driver | >=r8p0<r31p0 | |
| Arm Valhall Gpu Kernel Driver | >=r19p0<r29p0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
- https://source.android.com/docs/security/bulletin/2021-05-01/#asterisk
- https://source.android.com/docs/security/bulletin/2021-05-01 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-28664
Frequently Asked Questions
What is CVE-2021-28664?
CVE-2021-28664 is an unspecified vulnerability in the Arm Mali Graphics Processing Unit (GPU) kernel driver that allows privilege escalation or a denial of service (memory corruption).
How does CVE-2021-28664 affect Arm Mali Graphics Processing Unit (GPU)?
CVE-2021-28664 affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r28p0 versions of the Arm Mali GPU kernel driver.
What is the severity of CVE-2021-28664?
CVE-2021-28664 has a severity rating of 8.8 (critical).
How can an unprivileged user exploit CVE-2021-28664?
An unprivileged user can exploit CVE-2021-28664 to achieve read/write access to read-only pages.
How can I fix CVE-2021-28664?
To fix CVE-2021-28664, it is recommended to apply the necessary security updates released by Arm or Google for the affected GPU drivers.
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/title
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/android-source
- source/Android
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/arm
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r0p0
- version/arm bifrost gpu kernel driver/r28p0
- canonical/arm midguard gpu kernel driver
- version/arm midguard gpu kernel driver/r8p0
- version/arm midguard gpu kernel driver/r30p0
- canonical/arm valhall gpu kernel driver
- version/arm valhall gpu kernel driver/r19p0
- version/arm valhall gpu kernel driver/r28p0
- canonical/arm midgard gpu kernel driver
- version/arm midgard gpu kernel driver/r8p0
- vendor/google
- canonical/google android
- canonical/arm mali graphics processing unit (gpu)