Vendor CVEs
Arm
All CVEs
182 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28663 | 0.12 | — | 0.12 | KEV | May 10, 2021 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0… | ||
| CVE-2025-47917 | 0.04 | — | 0.02 | Jul 20, 2025 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not… | |||
| CVE-2022-46395 | 0.04 | — | 0.03 | Mar 6, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0… | |||
| CVE-2025-0647 | 0.00 | — | 0.00 | Jan 14, 2026 | In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have… | |||
| CVE-2025-59438 | 0.00 | — | 0.00 | Oct 21, 2025 | Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. | |||
| CVE-2025-54764 | 0.00 | — | 0.00 | Oct 20, 2025 | Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. | |||
| CVE-2022-50491 | 0.00 | — | 0.00 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with… | |||
| CVE-2025-7427 | 0.00 | — | 0.00 | Jul 22, 2025 | Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio. | |||
| CVE-2025-48965 | 0.00 | — | 0.00 | Jul 20, 2025 | Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero. | |||
| CVE-2025-52496 | 0.00 | — | 0.00 | Jul 4, 2025 | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. | |||
| CVE-2025-52497 | 0.00 | — | 0.00 | Jul 4, 2025 | Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input. | |||
| CVE-2024-7881 | 0.00 | — | 0.00 | Jan 28, 2025 | An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. | |||
| CVE-2024-10929 | 0.00 | — | 0.00 | Jan 22, 2025 | In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history. | |||
| CVE-2024-5660 | 0.00 | — | 0.01 | Dec 10, 2024 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2… | |||
| CVE-2024-48984 | 0.00 | — | 0.01 | Nov 20, 2024 | An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the… | |||
| CVE-2024-48985 | 0.00 | — | 0.00 | Nov 20, 2024 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the… | |||
| CVE-2024-48986 | 0.00 | — | 0.00 | Nov 20, 2024 | An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking… | |||
| CVE-2024-48983 | 0.00 | — | 0.00 | Nov 20, 2024 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as… | |||
| CVE-2024-6563 | 0.00 | — | 0.00 | Jul 8, 2024 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drive… | |||
| CVE-2024-6287 | 0.00 | — | 0.00 | Jun 24, 2024 | Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range… | |||
| CVE-2024-6285 | 0.00 | — | 0.00 | Jun 24, 2024 | Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses. | |||
| CVE-2024-22905 | 0.00 | — | 0.00 | Apr 19, 2024 | Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. | |||
| CVE-2023-52353 | 0.00 | — | 0.00 | Jan 21, 2024 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | |||
| CVE-2023-5091 | 0.00 | — | 0.00 | Jan 8, 2024 | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0. | |||
| CVE-2023-4272 | 0.00 | — | 0.00 | Nov 7, 2023 | A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. | |||
| CVE-2023-34970 | 0.00 | — | 0.00 | Oct 3, 2023 | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already… | |||
| CVE-2023-33200 | 0.00 | — | 0.00 | Oct 3, 2023 | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | |||
| CVE-2023-26085 | 0.00 | — | 0.00 | Jun 29, 2023 | A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | |||
| CVE-2023-28469 | 0.00 | — | 0.00 | Jun 2, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before… | |||
| CVE-2023-28147 | 0.00 | — | 0.00 | Jun 1, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0… | |||
| CVE-2022-46396 | 0.00 | — | 0.00 | Apr 11, 2023 | An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | |||
| CVE-2023-22808 | 0.00 | — | 0.00 | Apr 11, 2023 | An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||
| CVE-2022-46781 | 0.00 | — | 0.00 | Apr 6, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | |||
| CVE-2023-26084 | 0.00 | — | 0.00 | Mar 15, 2023 | The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | |||
| CVE-2022-46394 | 0.00 | — | 0.01 | Mar 8, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||
| CVE-2022-46891 | 0.00 | — | 0.01 | Jan 17, 2023 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0… | |||
| CVE-2022-42716 | 0.00 | — | 0.01 | Dec 12, 2022 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. | |||
| CVE-2022-34830 | 0.00 | — | 0.01 | Nov 23, 2022 | An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | |||
| CVE-2022-41757 | 0.00 | — | 0.01 | Nov 8, 2022 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0… | |||
| CVE-2022-36449 | 0.00 | — | 0.01 | Sep 1, 2022 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard… | |||
| CVE-2022-33917 | 0.00 | — | 0.00 | Aug 2, 2022 | An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | |||
| CVE-2022-28349 | 0.00 | — | 0.01 | May 19, 2022 | Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. | |||
| CVE-2022-28350 | 0.00 | — | 0.01 | May 19, 2022 | Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. | |||
| CVE-2022-28348 | 0.00 | — | 0.01 | May 19, 2022 | Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. | |||
| CVE-2021-27433 | 0.00 | — | 0.02 | May 3, 2022 | ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||
| CVE-2021-27431 | 0.00 | — | 0.01 | May 3, 2022 | ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | |||
| CVE-2021-27435 | 0.00 | — | 0.02 | May 3, 2022 | ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||
| CVE-2021-43666 | 0.00 | — | 0.02 | Mar 24, 2022 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | |||
| CVE-2022-23960 | 0.00 | — | 0.01 | Mar 12, 2022 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow… | |||
| CVE-2022-25368 | 0.00 | — | 0.00 | Mar 9, 2022 | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause… |
- risk 0.12cvss —epss 0.12
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0…
- CVE-2025-47917Jul 20, 2025risk 0.04cvss —epss 0.02
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not…
- CVE-2022-46395Mar 6, 2023risk 0.04cvss —epss 0.03
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0…
- CVE-2025-0647Jan 14, 2026risk 0.00cvss —epss 0.00
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have…
- CVE-2025-59438Oct 21, 2025risk 0.00cvss —epss 0.00
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
- CVE-2025-54764Oct 20, 2025risk 0.00cvss —epss 0.00
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
- CVE-2022-50491Oct 4, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with…
- CVE-2025-7427Jul 22, 2025risk 0.00cvss —epss 0.00
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.
- CVE-2025-48965Jul 20, 2025risk 0.00cvss —epss 0.00
Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
- CVE-2025-52496Jul 4, 2025risk 0.00cvss —epss 0.00
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
- CVE-2025-52497Jul 4, 2025risk 0.00cvss —epss 0.00
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.
- CVE-2024-7881Jan 28, 2025risk 0.00cvss —epss 0.00
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
- CVE-2024-10929Jan 22, 2025risk 0.00cvss —epss 0.00
In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.
- CVE-2024-5660Dec 10, 2024risk 0.00cvss —epss 0.01
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2…
- CVE-2024-48984Nov 20, 2024risk 0.00cvss —epss 0.01
An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the…
- CVE-2024-48985Nov 20, 2024risk 0.00cvss —epss 0.00
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the…
- CVE-2024-48986Nov 20, 2024risk 0.00cvss —epss 0.00
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking…
- CVE-2024-48983Nov 20, 2024risk 0.00cvss —epss 0.00
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as…
- CVE-2024-6563Jul 8, 2024risk 0.00cvss —epss 0.00
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drive…
- CVE-2024-6287Jun 24, 2024risk 0.00cvss —epss 0.00
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range…
- CVE-2024-6285Jun 24, 2024risk 0.00cvss —epss 0.00
Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.
- CVE-2024-22905Apr 19, 2024risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
- CVE-2023-52353Jan 21, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
- CVE-2023-5091Jan 8, 2024risk 0.00cvss —epss 0.00
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.
- CVE-2023-4272Nov 7, 2023risk 0.00cvss —epss 0.00
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.
- CVE-2023-34970Oct 3, 2023risk 0.00cvss —epss 0.00
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already…
- CVE-2023-33200Oct 3, 2023risk 0.00cvss —epss 0.00
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
- CVE-2023-26085Jun 29, 2023risk 0.00cvss —epss 0.00
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
- CVE-2023-28469Jun 2, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before…
- CVE-2023-28147Jun 1, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0…
- CVE-2022-46396Apr 11, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.
- CVE-2023-22808Apr 11, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
- CVE-2022-46781Apr 6, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.
- CVE-2023-26084Mar 15, 2023risk 0.00cvss —epss 0.00
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.
- CVE-2022-46394Mar 8, 2023risk 0.00cvss —epss 0.01
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
- CVE-2022-46891Jan 17, 2023risk 0.00cvss —epss 0.01
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0…
- CVE-2022-42716Dec 12, 2022risk 0.00cvss —epss 0.01
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
- CVE-2022-34830Nov 23, 2022risk 0.00cvss —epss 0.01
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
- CVE-2022-41757Nov 8, 2022risk 0.00cvss —epss 0.01
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0…
- CVE-2022-36449Sep 1, 2022risk 0.00cvss —epss 0.01
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard…
- CVE-2022-33917Aug 2, 2022risk 0.00cvss —epss 0.00
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
- CVE-2022-28349May 19, 2022risk 0.00cvss —epss 0.01
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
- CVE-2022-28350May 19, 2022risk 0.00cvss —epss 0.01
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
- CVE-2022-28348May 19, 2022risk 0.00cvss —epss 0.01
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.
- CVE-2021-27433May 3, 2022risk 0.00cvss —epss 0.02
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
- CVE-2021-27431May 3, 2022risk 0.00cvss —epss 0.01
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
- CVE-2021-27435May 3, 2022risk 0.00cvss —epss 0.02
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
- CVE-2021-43666Mar 24, 2022risk 0.00cvss —epss 0.02
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
- CVE-2022-23960Mar 12, 2022risk 0.00cvss —epss 0.01
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow…
- CVE-2022-25368Mar 9, 2022risk 0.00cvss —epss 0.00
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause…
Page 3 of 4