CVE-2021-28664
Published: 10 May 2021
Summary
CVE-2021-28664 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Arm Bifrost GPU kernel driver. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 43.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability is a flaw in the Arm Mali GPU kernel driver that permits an unprivileged user to obtain read/write access to read-only memory pages, resulting in memory corruption. This affects Bifrost GPUs from r0p0 through r29p0 (fixed in r30p0), Valhall GPUs from r19p0 through r29p0 (fixed in r30p0), and Midgard GPUs from r8p0 through r30p0 (fixed in r31p0). The issue is tracked as CWE-787 and carries a CVSS 3.1 score of 8.8.
An attacker with local access to a system using an affected Mali GPU driver can exploit the flaw to escalate privileges or trigger a denial of service. The kernel-level nature of the driver allows the corruption to impact system stability or enable further code execution within the kernel context.
Arm security advisories direct users to updated Mali GPU kernel driver releases that resolve the issue across the listed GPU families. The referenced Arm developer pages provide links to the specific security updates and vulnerability disclosures for the Mali driver.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-15328
Vulnerability details
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly implements memory protection safeguards that would block unauthorized writes to read-only pages by unprivileged processes.
Enforces access control policy on memory pages so that read-only restrictions cannot be bypassed by user-space code.
Requires timely installation of the vendor-supplied Mali GPU driver patches that close the read-only page mapping flaw.