CVE-2021-29256

moderate-risk
Published 2021-05-24

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Arm

References (3)

Vendor Advisory https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
Vendor Advisory https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...
48
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 9/34 · Low
Exposure 9/34 · Low