Filtered by vendor Arm
Subscriptions
Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34830 | 1 Arm | 1 Utgard Gpu Kernel Driver | 2024-11-21 | 7.5 High |
| An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2022-33917 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2022-28350 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | 9.8 Critical |
| Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. | ||||
| CVE-2022-28349 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-21 | 9.8 Critical |
| Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. | ||||
| CVE-2022-28348 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-21 | 9.8 Critical |
| Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. | ||||
| CVE-2022-25368 | 2 Amperecomputing, Arm | 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more | 2024-11-21 | 4.7 Medium |
| Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | ||||
| CVE-2022-23960 | 4 Arm, Debian, Redhat and 1 more | 45 Cortex-a57, Cortex-a57 Firmware, Cortex-a65 and 42 more | 2024-11-21 | 5.6 Medium |
| Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | ||||
| CVE-2021-45451 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2024-11-21 | 7.5 High |
| In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | ||||
| CVE-2021-45450 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2024-11-21 | 7.5 High |
| In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | ||||
| CVE-2021-44828 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-21 | 7.8 High |
| Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. | ||||
| CVE-2021-44732 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 9.8 Critical |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||||
| CVE-2021-44331 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2024-11-21 | 7.8 High |
| ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | ||||
| CVE-2021-43666 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | ||||
| CVE-2021-43086 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2024-11-21 | 9.8 Critical |
| ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". | ||||
| CVE-2021-36647 | 1 Arm | 1 Mbed Tls | 2024-11-21 | 4.7 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | ||||
| CVE-2021-35465 | 1 Arm | 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more | 2024-11-21 | 3.4 Low |
| Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration). | ||||
| CVE-2021-28663 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-21 | 8.8 High |
| The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | ||||
| CVE-2021-27435 | 1 Arm | 1 Mbed | 2024-11-21 | 7.3 High |
| ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27433 | 1 Arm | 1 Mbed Ualloc | 2024-11-21 | 7.3 High |
| ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27431 | 1 Arm | 1 Cmsis-rtos | 2024-11-21 | 7.3 High |
| ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | ||||