CVE-2021-29256
HIGH KEVArm Mali GPU Kernel Driver Bifrost r16p0-r29p0 Midgard r28p0-r30p0 Valhall r19p0-r29p0 - Use-After-Free
Title source: llmExploitation Summary
CVE-2021-29256 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 7, 2023.
Description
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256
Scores
CVSS v3
8.8
EPSS
0.0066
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-07-07
VulnCheck KEV
2023-07-05
InTheWild.io
2023-07-07
ENISA EUVD
EUVD-2021-15895
CWE
CWE-416
Status
published
Products (3)
arm/bifrost_gpu_kernel_driver
r16p0 - r30p0
arm/midgard_gpu_kernel_driver
r28p0 - r31p0
arm/valhall_gpu_kernel_driver
r19p0 - r30p0
Published
May 24, 2021
KEV Added
Jul 07, 2023
Tracked Since
Feb 18, 2026