Title: Mali GPU Kernel Driver allows improper operations on GPU memory
CVE: CVE-2021-28663
Date of issue: 18th March 2021
Affects:
  Midgard GPU Kernel Driver: All versions from r4p0 to r30p0
  Bifrost GPU Kernel Driver: All versions from r0p0 to r28p0
  Valhall GPU Kernel Driver: All versions from r19p0 to r28p0
Impact: A non-privileged user can perform improper operations on GPU memory to enter a use-after-free scenario, and may be able to gain root privilege and/or disclose information.
Resolution: This issue is fixed in Bifrost and Valhall GPU Kernel Driver r29p0. It will be fixed in a future Midgard release. Users are recommended to upgrade if they are impacted by this issue.
Credit: n/a

 

Title: Mali GPU Kernel Driver elevates CPU RO pages to writable
CVE: CVE-2021-28664
Date of issue: 18th March 2021
Affects:
  Midgard GPU Kernel Driver: All versions from r8p0 to r30p0
  Bifrost GPU Kernel Driver: All versions from r0p0 to r28p0
  Valhall GPU Kernel Driver: All versions from r19p0 to r28p0
Impact: A non-privileged user can gain write access to read-only memory, and may be able to gain root privilege, corrupt memory and modify the memory of other processes.
Resolution: This issue is fixed in Bifrost and Valhall GPU Kernel Driver r29p0. It will be fixed in a future Midgard release. Users are recommended to upgrade if they are impacted by this issue.
Credit: n/a

 

Title: Mali GPU Kernel Driver allows improper operations on GPU memory
CVE: CVE-2021-29256
Date of issue: 26th March 2021
Affects:
  Midgard GPU Kernel Driver: All versions from r28p0 to r30p0
  Bifrost GPU Kernel Driver: All versions from r16p0 to r29p0
  Valhall GPU Kernel Driver: All versions from r19p0 to r29p0
Impact: A non-privileged user can perform improper operations on GPU memory to gain access to already freed memory, and may be able to gain root privilege and/or disclose information.
Resolution: This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0. It will be fixed in a future Midgard release. Users are recommended to upgrade if they are impacted by this issue.
Credit: Thanks to Brice Berna, of the Apple Media Products RedTeam for reporting this vulnerability.
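
The three advisories overlap, so a given driver release can fall under one, two or all three of them. The following is an added example, not code from Arm or from the original page: it takes a driver family and an rNpM release string and reports which of the CVEs above cover it and which release clears them. The function names and the handling of point releases are assumptions made for this example.

```python
import re

# Per CVE and family: (first affected, last affected, fixed release), copied
# from the advisories above. None = the page names no fixed release.
ADVISORIES = {
    "CVE-2021-28663": {"midgard": ("r4p0", "r30p0", None),
                       "bifrost": ("r0p0", "r28p0", "r29p0"),
                       "valhall": ("r19p0", "r28p0", "r29p0")},
    "CVE-2021-28664": {"midgard": ("r8p0", "r30p0", None),
                       "bifrost": ("r0p0", "r28p0", "r29p0"),
                       "valhall": ("r19p0", "r28p0", "r29p0")},
    "CVE-2021-29256": {"midgard": ("r28p0", "r30p0", None),
                       "bifrost": ("r16p0", "r29p0", "r30p0"),
                       "valhall": ("r19p0", "r29p0", "r30p0")},
}
FAMILIES = ("midgard", "bifrost", "valhall")
_RELEASE = re.compile(r"r(\d+)p(\d+)", re.IGNORECASE)

def parse_release(text):
    """'r29p0' -> (29, 0). As plain strings 'r9p0' would sort after 'r16p0'."""
    m = _RELEASE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not an rNpM release string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def triage(family, release):
    """Map each advisory covering this driver to its fixed release (or None)."""
    fam = family.strip().lower()
    if fam not in FAMILIES:
        raise ValueError(f"unknown driver family: {family!r}")
    ver = parse_release(release)
    hits = {}
    for cve, ranges in ADVISORIES.items():
        first, last, fixed = ranges[fam]
        # Assumption: a point release between the last listed version and the
        # fixed one (e.g. a hypothetical r28p1) is treated as still affected.
        below = ver < parse_release(fixed) if fixed else ver <= parse_release(last)
        if parse_release(first) <= ver and below:
            hits[cve] = fixed
    return hits

def upgrade_target(hits):
    """Release clearing every hit; None if no hits or a hit has no named fix."""
    fixes = list(hits.values())
    if not fixes or None in fixes:
        return None
    return max(fixes, key=parse_release)
```

A None value for a Midgard hit means the advisory lists the release as affected but names no fixed Midgard release.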