CVE-2021-28663
ENISA EUVD: EUVD-2021-15327 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
3 articles
Published: 2021-05-10
EPSS Score
Source: FIRST.org · 2026-05-23
3.62%
probability
This CVE has a 3.62% probability
of being exploited in the next 30 days.
0%
Top 87.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
9.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
Affected Products
n/a
n/a
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
May 3, 2021
Reported by
???
Root Cause Analysis
???
Exploits & PoC
lntrx/CVE-2021-28663
A basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)
125
2021-09-03
1 repo — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
95%
EPSS
3.62%
CVSS v3.1
8.8
Mentions
3
Last Seen
Nov 09, 2021
CNA Information
CNA Assigner
mitre
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateMay 10, 2021