Vulnerabilities > CVE-2021-28663 - Use After Free vulnerability in ARM products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
- https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
- https://github.com/lntrx/CVE-2021-28663
- https://github.com/lntrx/CVE-2021-28663