Cyber Resilience

CVE-2021-29256

HighCISA KEVActive ExploitationEUVD Exploited

Published: 24 May 2021

Published
24 May 2021
Modified
03 November 2025
KEV Added
07 July 2023
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0066 71.7th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-29256 is a high-severity Use After Free (CWE-416) vulnerability in Arm Bifrost Gpu Kernel Driver. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 28.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a use-after-free flaw, identified as CWE-416, in the Arm Mali GPU kernel driver. It permits an unprivileged user to access freed memory and affects Bifrost GPU drivers from r16p0 through r29p0 (prior to r30p0), Valhall drivers from r19p0 through r29p0 (prior to r30p0), and Midgard drivers from r28p0 through r30p0. The issue carries a CVSS 3.1 base score of 8.8.

An attacker with low privileges can exploit the flaw over a network-accessible path without user interaction, resulting in information disclosure or escalation to root privileges on affected systems.

Arm has published security updates addressing the Mali GPU kernel driver, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities in the wild.

EU & UK References

Vulnerability details

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and…

more

Midgard r28p0 through r30p0.

CWE(s)
KEV Date Added
07 July 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

arm
bifrost gpu kernel driver
r16p0 — r30p0
arm
midgard gpu kernel driver
r28p0 — r31p0
arm
valhall gpu kernel driver
r19p0 — r30p0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements memory protection safeguards that block use-after-free access to freed kernel memory in the Mali GPU driver.

prevent

Requires timely application of the vendor patches that close the use-after-free flaw in Bifrost/Valhall/Midgard drivers before r30p0.

prevent

Enforces least privilege so that an unprivileged user cannot reach the vulnerable kernel driver path or retain escalated root access after exploitation.

References