Vulnerabilities > CVE-2021-29256 - Use After Free vulnerability in ARM Bifrost, Midgard and Valhall

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

arm

CWE-416

critical

NVD

Published: 2021-05-24

Updated: 2022-03-22

Summary

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Vulnerable Configurations

Part	Description	Count
Application	Arm ARM Bifrost R16P0-01Eac0 ARM Bifrost R30P0 ARM Midgard R28P0-01Eac0 ARM Midgard R30P0 ARM Midgard R30P0-01Eac0 ARM Valhall R19P0-01Eac0 ARM Valhall R30P0	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver