CVE-2021-28664
ENISA EUVD: EUVD-2021-15328 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
3 articles
Published: 2021-05-10
EPSS Score
Source: FIRST.org · 2026-05-23
0.33%
probability
This CVE has a 0.33% probability
of being exploited in the next 30 days.
0%
Top 55.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
9.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
Affected Products
n/a
n/a
Attack Intelligence
Google Project Zero
Patched
May 3, 2021
Reported by
???
Root Cause Analysis
???
Signal Intelligence
Confidence
95%
EPSS
0.33%
CVSS v3.1
8.8
Mentions
3
Last Seen
Nov 09, 2021
CNA Information
CNA Assigner
mitre
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateMay 10, 2021