Filtered by vendor Arm Subscriptions
Total 131 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5091 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-20 5.5 Medium
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.
CVE-2022-43701 1 Arm 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more 2024-10-24 7.8 High
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
CVE-2022-42716 1 Arm 1 Valhall Gpu Kernel Driver 2024-10-15 8.8 High
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
CVE-2024-4607 1 Arm 4 5th Gen Gpu Architecture Kernel Driver, Arm 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver and 1 more 2024-09-30 7.8 High
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
CVE-2024-2937 1 Arm 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-09-30 7.8 High
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
CVE-2024-3655 1 Arm 3 Arm 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-09-30 7.8 High
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.
CVE-2023-40271 1 Arm 1 Trusted Firmware-m 2024-09-26 7.5 High
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
CVE-2024-45159 1 Arm 1 Mbed Tls 2024-09-19 9.8 Critical
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
CVE-2023-43615 3 Arm, Fedoraproject, Mbed 3 Mbed Tls, Fedora, Mbedtls 2024-09-19 7.5 High
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2023-45199 2 Arm, Mbed 2 Mbed Tls, Mbedtls 2024-09-19 9.8 Critical
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2018-5401 2 Arm, Auto-maskin 6 Arm7, Dcu 210e, Dcu 210e Firmware and 3 more 2024-09-17 N/A
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
CVE-2017-5715 8 Arm, Canonical, Debian and 5 more 230 Cortex-a, Ubuntu Linux, Debian Linux and 227 more 2024-09-17 5.6 Medium
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2021-26314 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2024-09-17 5.5 Medium
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more 2024-09-16 5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2017-5753 14 Arm, Canonical, Debian and 11 more 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more 2024-09-16 5.6 Medium
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2021-26313 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2024-09-16 5.5 Medium
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
CVE-2018-3640 2 Arm, Intel 199 Cortex-a, Atom C, Atom E and 196 more 2024-09-16 N/A
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
CVE-2018-5400 2 Arm, Auto-maskin 5 Arm7, Dcu 210e, Dcu 210e Firmware and 2 more 2024-09-16 N/A
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.
CVE-2018-5402 2 Arm, Auto-maskin 6 Arm7, Dcu 210e, Dcu 210e Firmware and 3 more 2024-09-16 N/A
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
CVE-2017-5754 3 Arm, Intel, Redhat 218 Cortex-a, Atom C, Atom E and 215 more 2024-09-16 N/A
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.