CVE-2021-29256

HIGH KEV

ARM Bifrost Gpu Kernel Driver < r30p0 - Use After Free

Title source: rule

Description

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

References (2)

[Vendor Advisory] https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256

Scores

CVSS v3 8.8

EPSS 0.0050

EPSS Percentile 65.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-07-07

VulnCheck KEV 2023-07-05

InTheWild.io 2023-07-07

ENISA EUVD EUVD-2021-15895

CWE

CWE-416

Status published

Products (3)

arm/bifrost_gpu_kernel_driver r16p0 - r30p0

arm/midgard_gpu_kernel_driver r28p0 - r31p0

arm/valhall_gpu_kernel_driver r19p0 - r30p0

Published May 24, 2021

KEV Added Jul 07, 2023

Tracked Since Feb 18, 2026