VYPR

Vendor CVEs

Arm

All CVEs

182 total · sorted by risk
  • CVE-2018-25427CriJun 1, 2026
    risk 0.64cvss 9.8epss 0.01

    Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the…

  • CVE-2024-49195CriOct 15, 2024
    risk 0.64cvss 9.8epss 0.01

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

  • CVE-2024-45159CriSep 5, 2024
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of…

  • CVE-2024-45158CriSep 5, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits…

  • CVE-2023-45199CriOct 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

  • CVE-2022-46393CriDec 15, 2022
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

  • CVE-2021-44732CriDec 20, 2021
    risk 0.64cvss 9.8epss 0.03

    Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

  • CVE-2019-1010292CriJul 16, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

  • CVE-2019-1010298CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.04

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010297CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010296CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010295CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010293CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2018-0488CriFeb 13, 2018
    risk 0.64cvss 9.8epss 0.05

    ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

  • CVE-2018-0487CriFeb 13, 2018
    risk 0.64cvss 9.8epss 0.03

    ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

  • CVE-2025-10263CriJun 9, 2026
    risk 0.59cvss 9.1epss 0.00

    Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher…

  • CVE-2024-30166CriApr 3, 2024
    risk 0.59cvss 9.1epss 0.01

    In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

  • CVE-2022-35409CriJul 15, 2022
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or…

  • CVE-2019-25052CriAug 11, 2021
    risk 0.59cvss 9.1epss 0.01

    In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

  • CVE-2026-34877CriApr 2, 2026
    risk 0.57cvss 9.8epss 0.00

    An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code…

  • CVE-2026-34875CriApr 1, 2026
    risk 0.57cvss 9.8epss 0.00

    An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

  • CVE-2025-48507HigNov 23, 2025
    risk 0.56cvss epss 0.00

    The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

  • CVE-2025-53022HigJul 30, 2025
    risk 0.56cvss 8.6epss 0.00

    TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value…

  • CVE-2018-25432HigJun 1, 2026
    risk 0.55cvss 8.4epss 0.00

    Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code…

  • CVE-2022-46152HigNov 29, 2022
    risk 0.53cvss 8.2epss 0.00

    OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and…

  • CVE-2017-14032HigAug 30, 2017
    risk 0.53cvss 8.1epss 0.01

    ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped…

  • CVE-2017-7563HigJun 7, 2017
    risk 0.53cvss 8.1epss 0.01

    In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).

  • CVE-2017-2784HigApr 20, 2017
    risk 0.53cvss 8.1epss 0.03

    An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack…

  • CVE-2026-34873CriApr 1, 2026
    risk 0.52cvss 9.1epss 0.00

    An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

  • CVE-2026-34872CriApr 1, 2026
    risk 0.52cvss 9.1epss 0.00

    An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values…

  • CVE-2026-40290HigJun 3, 2026
    risk 0.51cvss 7.8epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race condition exists in the shared memory…

  • CVE-2021-43619HigMar 1, 2022
    risk 0.51cvss 7.8epss 0.00

    Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

  • CVE-2021-44149HigDec 7, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary…

  • CVE-2026-33317HigApr 24, 2026
    risk 0.50cvss 8.7epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can…

  • CVE-2026-33662HigApr 24, 2026
    risk 0.49cvss 7.5epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the…

  • CVE-2024-23744HigJan 21, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

  • CVE-2023-43615HigOct 7, 2023
    risk 0.49cvss 7.5epss 0.01

    Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

  • CVE-2023-40271HigSep 8, 2023
    risk 0.49cvss 7.5epss 0.00

    In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part…

  • CVE-2021-45450HigDec 21, 2021
    risk 0.49cvss 7.5epss 0.01

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2021-32032HigMay 21, 2021
    risk 0.49cvss 7.5epss 0.02

    In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.

  • CVE-2019-1010294HigJul 15, 2019
    risk 0.49cvss 7.5epss 0.01

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2017-15031HigDec 18, 2018
    risk 0.49cvss 7.5epss 0.02

    In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.

  • CVE-2018-1000520HigJun 26, 2018
    risk 0.49cvss 7.5epss 0.01

    ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be…

  • CVE-2018-9989HigApr 10, 2018
    risk 0.49cvss 7.5epss 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

  • CVE-2018-9988HigApr 10, 2018
    risk 0.49cvss 7.5epss 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

  • CVE-2017-7564HigJun 7, 2017
    risk 0.49cvss 7.5epss 0.01

    In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.

  • CVE-2017-5927HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…

  • CVE-2016-6129HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.01

    The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by…

  • CVE-2023-41325HigSep 15, 2023
    risk 0.48cvss 7.4epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free.…

  • CVE-2022-47630HigJan 16, 2023
    risk 0.48cvss 7.4epss 0.01

    Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about…

Page 1 of 4