Search criteria
11 vulnerabilities found for bifrost by arm
CVE-2023-4211 (GCVE-0-2023-4211)
Vulnerability from cvelistv5 – Published: 2023-10-01 17:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Severity ?
5.5 (Medium)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Arm Ltd | Midgard GPU Kernel Driver |
Affected:
r12p0 , ≤ r32p0
(patch)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Maddie Stone, Google Threat Analysis Group
Jann Horn, Google Project Zero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4211",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:37:52.728085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:36.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-03T00:00:00+00:00",
"value": "CVE-2023-4211 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Midgard GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r32p0",
"status": "affected",
"version": "r12p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Bifrost GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r0p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r19p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maddie Stone, Google Threat Analysis Group "
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jann Horn, Google Project Zero"
}
],
"datePublic": "2023-10-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\u003c/p\u003e"
}
],
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T16:35:12.961Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "arm-security@arm.com",
"ID": "CVE-2023-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mali GPU Kernel Driver",
"version": {
"version_data": [
{
"version_value": "Midgard GPU Kernel Driver"
}
]
}
}
]
},
"vendor_name": "Arm Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "5.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2023-4211",
"datePublished": "2023-10-01T17:00:27.113Z",
"dateReserved": "2023-08-07T15:24:51.156Z",
"dateUpdated": "2025-10-21T23:05:36.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36449 (GCVE-0-2022-36449)
Vulnerability from cvelistv5 – Published: 2022-09-01 02:50 – Updated: 2024-08-03 10:07
VLAI?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:33.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T15:06:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"name": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"name": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"name": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36449",
"datePublished": "2022-09-01T02:50:37",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:33.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22706 (GCVE-0-2022-22706)
Vulnerability from cvelistv5 – Published: 2022-03-03 14:27 – Updated: 2025-10-21 23:15
VLAI?
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22706",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:39:32.254424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-03-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:44.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-30T00:00:00+00:00",
"value": "CVE-2022-22706 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T13:58:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22706",
"datePublished": "2022-03-03T14:27:54.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:44.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29256 (GCVE-0-2021-29256)
Vulnerability from cvelistv5 – Published: 2021-05-24 17:56 – Updated: 2025-10-21 23:25
VLAI?
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-29256",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:43:25.118908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-07-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:45.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-07T00:00:00+00:00",
"value": "CVE-2021-29256 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T17:56:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29256",
"datePublished": "2021-05-24T17:56:27.000Z",
"dateReserved": "2021-03-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:45.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4211 (GCVE-0-2023-4211)
Vulnerability from nvd – Published: 2023-10-01 17:00 – Updated: 2025-10-21 23:05
VLAI?
Summary
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
Severity ?
5.5 (Medium)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Arm Ltd | Midgard GPU Kernel Driver |
Affected:
r12p0 , ≤ r32p0
(patch)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Maddie Stone, Google Threat Analysis Group
Jann Horn, Google Project Zero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4211",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:37:52.728085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:36.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4211"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-03T00:00:00+00:00",
"value": "CVE-2023-4211 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Midgard GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r32p0",
"status": "affected",
"version": "r12p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Bifrost GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r0p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r19p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maddie Stone, Google Threat Analysis Group "
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jann Horn, Google Project Zero"
}
],
"datePublic": "2023-10-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\u003c/p\u003e"
}
],
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T16:35:12.961Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "arm-security@arm.com",
"ID": "CVE-2023-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mali GPU Kernel Driver",
"version": {
"version_data": [
{
"version_value": "Midgard GPU Kernel Driver"
}
]
}
}
]
},
"vendor_name": "Arm Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "5.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2023-4211",
"datePublished": "2023-10-01T17:00:27.113Z",
"dateReserved": "2023-08-07T15:24:51.156Z",
"dateUpdated": "2025-10-21T23:05:36.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36449 (GCVE-0-2022-36449)
Vulnerability from nvd – Published: 2022-09-01 02:50 – Updated: 2024-08-03 10:07
VLAI?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:33.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T15:06:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"name": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"name": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"name": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36449",
"datePublished": "2022-09-01T02:50:37",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:33.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22706 (GCVE-0-2022-22706)
Vulnerability from nvd – Published: 2022-03-03 14:27 – Updated: 2025-10-21 23:15
VLAI?
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22706",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:39:32.254424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-03-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:44.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-30T00:00:00+00:00",
"value": "CVE-2022-22706 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T13:58:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22706",
"datePublished": "2022-03-03T14:27:54.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:44.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29256 (GCVE-0-2021-29256)
Vulnerability from nvd – Published: 2021-05-24 17:56 – Updated: 2025-10-21 23:25
VLAI?
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-29256",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:43:25.118908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-07-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:45.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-07T00:00:00+00:00",
"value": "CVE-2021-29256 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T17:56:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29256",
"datePublished": "2021-05-24T17:56:27.000Z",
"dateReserved": "2021-03-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:45.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-36449
Vulnerability from fkie_nvd - Published: 2022-09-01 03:15 - Updated: 2025-04-07 12:47
Severity ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | bifrost_gpu_kernel_driver | r39p0 | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | r39p0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16BAF891-CABF-421E-8D25-258A2D1B1DC7",
"versionEndIncluding": "r38p0",
"versionStartIncluding": "r0p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:r39p0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5628A8D-18D5-4A0F-A474-13024A73F17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCE4808-EFC2-4BA7-83CF-BD98CAFBB029",
"versionEndIncluding": "r32p0",
"versionStartIncluding": "r4p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7A46F8-1503-4028-922F-643E5748CA0E",
"versionEndIncluding": "r38p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:r39p0:*:*:*:*:*:*:*",
"matchCriteriaId": "05471A20-62BC-4626-BE77-0902B098834E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
},
{
"lang": "es",
"value": "Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali. Un usuario no privilegiado puede realizar operaciones inapropiadas de procesamiento de la GPU para conseguir acceso a la memoria ya liberada, escribir una cantidad limitada fuera de l\u00edmites del b\u00fafer o divulgar detalles de las asignaciones de memoria. Esto afecta a Midgard versiones r4p0 hasta r32p0, Bifrost versiones r0p0 hasta r38p0 y r39p0 anteriores a r38p1, y Valhall versiones r19p0 hasta r38p0 y r39p0 anteriores a r38p1"
}
],
"id": "CVE-2022-36449",
"lastModified": "2025-04-07T12:47:11.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-01T03:15:16.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22706
Vulnerability from fkie_nvd - Published: 2022-03-03 15:15 - Updated: 2025-11-03 15:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * |
{
"cisaActionDue": "2023-04-20",
"cisaExploitAdd": "2023-03-30",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Unspecified Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC992EA-31B0-4668-97A7-DAB4FA569FC7",
"versionEndExcluding": "r36p0",
"versionStartIncluding": "r0p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C54FBE2-F9B7-4C24-BD18-D63C429496C5",
"versionEndExcluding": "r32p0",
"versionStartIncluding": "r26p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B32BDE-B62B-4CB6-8551-236699541379",
"versionEndExcluding": "r36p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
},
{
"lang": "es",
"value": "El controlador del kernel de la GPU Arm Mali permite a un usuario sin privilegios conseguir acceso de escritura a p\u00e1ginas de memoria de s\u00f3lo lectura. Esto afecta a Midgard r26p0 hasta r31p0, Bifrost r0p0 hasta r35p0, y Valhall r19p0 hasta r35p0"
}
],
"id": "CVE-2022-22706",
"lastModified": "2025-11-03T15:08:26.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-03-03T15:15:08.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-29256
Vulnerability from fkie_nvd - Published: 2021-05-24 18:15 - Updated: 2025-11-03 15:16
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | * | |
| arm | midgard_gpu_kernel_driver | * | |
| arm | valhall_gpu_kernel_driver | * |
{
"cisaActionDue": "2023-07-28",
"cisaExploitAdd": "2023-07-07",
"cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D168CEB1-DAE6-4C9F-B101-C84CA7C0396D",
"versionEndExcluding": "r30p0",
"versionStartIncluding": "r16p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB12C4AB-50D7-49F7-A8C3-33A8629D3C96",
"versionEndExcluding": "r31p0",
"versionStartIncluding": "r28p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9713B79-2EFF-49C1-8B8F-4CA969BA351E",
"versionEndExcluding": "r30p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
},
{
"lang": "es",
"value": "El controlador del kernel de la GPU Arm Mali, permite a un usuario no privilegiado acceder a la memoria liberada, conllevando a una divulgaci\u00f3n de informaci\u00f3n o una escalada de privilegios de root.\u0026#xa0;Esto afecta a Bifrost versiones r16p0 hasta r29p0 anteriores a r30p0, Valhall r19p0 hasta r29p0 anteriores a r30p0 y Midgard versiones r28p0 hasta r30p0"
}
],
"id": "CVE-2021-29256",
"lastModified": "2025-11-03T15:16:51.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-05-24T18:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-29256"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}