Filtered by vendor Arm
Subscriptions
Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45157 | 1 Arm | 1 Mbed Tls | 2025-03-14 | 5.1 Medium |
| An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. | ||||
| CVE-2021-28663 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-14 | 8.8 High |
| The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | ||||
| CVE-2022-22706 | 1 Arm | 3 Bifrost, Midgard, Valhall | 2025-03-14 | 7.8 High |
| Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0. | ||||
| CVE-2021-27562 | 1 Arm | 1 Trusted Firmware-m | 2025-03-14 | 5.5 Medium |
| In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | ||||
| CVE-2024-45159 | 1 Arm | 1 Mbed Tls | 2025-03-13 | 9.8 Critical |
| An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert). | ||||
| CVE-2023-6241 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2025-03-13 | 7.8 High |
| Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0. | ||||
| CVE-2023-34970 | 1 Arm | 2 Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-07 | 4.7 Medium |
| A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory | ||||
| CVE-2023-33200 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-07 | 4.7 Medium |
| A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | ||||
| CVE-2022-46394 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-05 | 8.8 High |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | ||||
| CVE-2023-26084 | 1 Arm | 1 Aarch64cryptolib | 2025-02-27 | 3.7 Low |
| The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | ||||
| CVE-2023-5427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-13 | 7.8 High |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | ||||
| CVE-2023-4295 | 1 Arm | 2 Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-13 | 7.8 High |
| A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | ||||
| CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2025-02-13 | 7.8 High |
| An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | ||||
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | 7.8 High |
| When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | ||||
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2025-02-13 | 7.8 High |
| When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | ||||
| CVE-2022-46781 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-12 | 3.3 Low |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | ||||
| CVE-2023-22808 | 1 Arm | 3 Avalon Android Gralloc Module, Bifrost Android Gralloc Module, Valhall Android Gralloc Module | 2025-02-11 | 3.3 Low |
| An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | ||||
| CVE-2022-46396 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-11 | 4.4 Medium |
| An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | ||||
| CVE-2021-29256 | 1 Arm | 3 Bifrost, Midgard, Valhall | 2025-02-04 | 8.8 High |
| . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. | ||||
| CVE-2023-4211 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2025-02-04 | 5.5 Medium |
| A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | ||||