VYPR

Vendor CVEs

Arm

All CVEs

182 total · sorted by risk
  • CVE-2021-28663KEVMay 10, 2021
    risk 0.12cvss epss 0.12

    The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0…

  • CVE-2025-47917Jul 20, 2025
    risk 0.04cvss epss 0.02

    Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not…

  • CVE-2022-46395Mar 6, 2023
    risk 0.04cvss epss 0.03

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0…

  • CVE-2025-0647Jan 14, 2026
    risk 0.00cvss epss 0.00

    In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have…

  • CVE-2025-59438Oct 21, 2025
    risk 0.00cvss epss 0.00

    Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.

  • CVE-2025-54764Oct 20, 2025
    risk 0.00cvss epss 0.00

    Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

  • CVE-2022-50491Oct 4, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with…

  • CVE-2025-7427Jul 22, 2025
    risk 0.00cvss epss 0.00

    Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

  • CVE-2025-48965Jul 20, 2025
    risk 0.00cvss epss 0.00

    Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

  • CVE-2025-52496Jul 4, 2025
    risk 0.00cvss epss 0.00

    Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

  • CVE-2025-52497Jul 4, 2025
    risk 0.00cvss epss 0.00

    Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

  • CVE-2024-7881Jan 28, 2025
    risk 0.00cvss epss 0.00

    An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.

  • CVE-2024-10929Jan 22, 2025
    risk 0.00cvss epss 0.00

    In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.

  • CVE-2024-5660Dec 10, 2024
    risk 0.00cvss epss 0.01

    Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2…

  • CVE-2024-48984Nov 20, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the…

  • CVE-2024-48985Nov 20, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the…

  • CVE-2024-48986Nov 20, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking…

  • CVE-2024-48983Nov 20, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as…

  • CVE-2024-6563Jul 8, 2024
    risk 0.00cvss epss 0.00

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drive…

  • CVE-2024-6287Jun 24, 2024
    risk 0.00cvss epss 0.00

    Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range…

  • CVE-2024-6285Jun 24, 2024
    risk 0.00cvss epss 0.00

    Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.

  • CVE-2024-22905Apr 19, 2024
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.

  • CVE-2023-52353Jan 21, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

  • CVE-2023-5091Jan 8, 2024
    risk 0.00cvss epss 0.00

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.

  • CVE-2023-4272Nov 7, 2023
    risk 0.00cvss epss 0.00

    A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

  • CVE-2023-34970Oct 3, 2023
    risk 0.00cvss epss 0.00

    A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already…

  • CVE-2023-33200Oct 3, 2023
    risk 0.00cvss epss 0.00

    A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

  • CVE-2023-26085Jun 29, 2023
    risk 0.00cvss epss 0.00

    A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

  • CVE-2023-28469Jun 2, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before…

  • CVE-2023-28147Jun 1, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0…

  • CVE-2022-46396Apr 11, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.

  • CVE-2023-22808Apr 11, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

  • CVE-2022-46781Apr 6, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.

  • CVE-2023-26084Mar 15, 2023
    risk 0.00cvss epss 0.00

    The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

  • CVE-2022-46394Mar 8, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

  • CVE-2022-46891Jan 17, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0…

  • CVE-2022-42716Dec 12, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.

  • CVE-2022-34830Nov 23, 2022
    risk 0.00cvss epss 0.01

    An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.

  • CVE-2022-41757Nov 8, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0…

  • CVE-2022-36449Sep 1, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard…

  • CVE-2022-33917Aug 2, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.

  • CVE-2022-28349May 19, 2022
    risk 0.00cvss epss 0.01

    Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.

  • CVE-2022-28350May 19, 2022
    risk 0.00cvss epss 0.01

    Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.

  • CVE-2022-28348May 19, 2022
    risk 0.00cvss epss 0.01

    Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.

  • CVE-2021-27433May 3, 2022
    risk 0.00cvss epss 0.02

    ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

  • CVE-2021-27431May 3, 2022
    risk 0.00cvss epss 0.01

    ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.

  • CVE-2021-27435May 3, 2022
    risk 0.00cvss epss 0.02

    ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

  • CVE-2021-43666Mar 24, 2022
    risk 0.00cvss epss 0.02

    A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

  • CVE-2022-23960Mar 12, 2022
    risk 0.00cvss epss 0.01

    Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow…

  • CVE-2022-25368Mar 9, 2022
    risk 0.00cvss epss 0.00

    Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause…