Vulnerabilites related to arm - bifrost
Vulnerability from fkie_nvd
Published
2022-03-03 15:15
Modified
2025-04-07 13:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * |
{ cisaActionDue: "2023-04-20", cisaExploitAdd: "2023-03-30", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Arm Mali GPU Kernel Driver Unspecified Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "2BC992EA-31B0-4668-97A7-DAB4FA569FC7", versionEndExcluding: "r36p0", versionStartIncluding: "r0p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "7C54FBE2-F9B7-4C24-BD18-D63C429496C5", versionEndExcluding: "r32p0", versionStartIncluding: "r26p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "E9B32BDE-B62B-4CB6-8551-236699541379", versionEndExcluding: "r36p0", versionStartIncluding: "r19p0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.", }, { lang: "es", value: "El controlador del kernel de la GPU Arm Mali permite a un usuario sin privilegios conseguir acceso de escritura a páginas de memoria de sólo lectura. Esto afecta a Midgard r26p0 hasta r31p0, Bifrost r0p0 hasta r35p0, y Valhall r19p0 hasta r35p0", }, ], id: "CVE-2022-22706", lastModified: "2025-04-07T13:09:05.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-03-03T15:15:08.610", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-01 03:15
Modified
2025-04-07 12:47
Severity ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | bifrost_gpu_kernel_driver | r39p0 | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | r39p0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "16BAF891-CABF-421E-8D25-258A2D1B1DC7", versionEndIncluding: "r38p0", versionStartIncluding: "r0p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:r39p0:*:*:*:*:*:*:*", matchCriteriaId: "C5628A8D-18D5-4A0F-A474-13024A73F17F", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "2DCE4808-EFC2-4BA7-83CF-BD98CAFBB029", versionEndIncluding: "r32p0", versionStartIncluding: "r4p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "2D7A46F8-1503-4028-922F-643E5748CA0E", versionEndIncluding: "r38p0", versionStartIncluding: "r19p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:valhall_gpu_kernel_driver:r39p0:*:*:*:*:*:*:*", matchCriteriaId: "05471A20-62BC-4626-BE77-0902B098834E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.", }, { lang: "es", value: "Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali. Un usuario no privilegiado puede realizar operaciones inapropiadas de procesamiento de la GPU para conseguir acceso a la memoria ya liberada, escribir una cantidad limitada fuera de límites del búfer o divulgar detalles de las asignaciones de memoria. Esto afecta a Midgard versiones r4p0 hasta r32p0, Bifrost versiones r0p0 hasta r38p0 y r39p0 anteriores a r38p1, y Valhall versiones r19p0 hasta r38p0 y r39p0 anteriores a r38p1", }, ], id: "CVE-2022-36449", lastModified: "2025-04-07T12:47:11.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-01T03:15:16.050", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-24 18:15
Modified
2025-04-07 13:08
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * |
{ cisaActionDue: "2023-07-28", cisaExploitAdd: "2023-07-07", cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", cisaVulnerabilityName: "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "D168CEB1-DAE6-4C9F-B101-C84CA7C0396D", versionEndExcluding: "r30p0", versionStartIncluding: "r16p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "EB12C4AB-50D7-49F7-A8C3-33A8629D3C96", versionEndExcluding: "r31p0", versionStartIncluding: "r28p0", vulnerable: true, }, { criteria: "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", matchCriteriaId: "E9713B79-2EFF-49C1-8B8F-4CA969BA351E", versionEndExcluding: "r30p0", versionStartIncluding: "r19p0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.", }, { lang: "es", value: "El controlador del kernel de la GPU Arm Mali, permite a un usuario no privilegiado acceder a la memoria liberada, conllevando a una divulgación de información o una escalada de privilegios de root. Esto afecta a Bifrost versiones r16p0 hasta r29p0 anteriores a r30p0, Valhall r19p0 hasta r29p0 anteriores a r30p0 y Midgard versiones r28p0 hasta r30p0", }, ], id: "CVE-2021-29256", lastModified: "2025-04-07T13:08:28.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-05-24T18:15:08.033", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2022-22706
Vulnerability from cvelistv5
Published
2022-03-03 14:27
Modified
2025-01-29 16:39
Severity ?
EPSS score ?
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates | x_refsource_MISC | |
| https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:21:49.012Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-22706", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:39:32.254424Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-03-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22706", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:39:34.824Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-22T13:58:40.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.arm.com/support/arm-security-updates", }, { tags: [ "x_refsource_MISC", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-22706", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.arm.com/support/arm-security-updates", refsource: "MISC", url: "https://developer.arm.com/support/arm-security-updates", }, { name: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", refsource: "MISC", url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-22706", datePublished: "2022-03-03T14:27:54.000Z", dateReserved: "2022-01-06T00:00:00.000Z", dateUpdated: "2025-01-29T16:39:34.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36449
Vulnerability from cvelistv5
Published
2022-09-01 02:50
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:07:33.946Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-20T15:06:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", refsource: "MISC", url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { name: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html", }, { name: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html", }, { name: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html", }, { name: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36449", datePublished: "2022-09-01T02:50:37", dateReserved: "2022-07-25T00:00:00", dateUpdated: "2024-08-03T10:07:33.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29256
Vulnerability from cvelistv5
Published
2021-05-24 17:56
Modified
2025-02-04 19:44
Severity ?
EPSS score ?
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-29256", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:43:25.118908Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-07-07", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-29256", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:44:44.324Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-24T17:56:27.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-29256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", refsource: "CONFIRM", url: "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-29256", datePublished: "2021-05-24T17:56:27.000Z", dateReserved: "2021-03-26T00:00:00.000Z", dateUpdated: "2025-02-04T19:44:44.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }