Filtered by vendor Arm
Subscribe
Total
161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33200 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-07 | N/A | 4.7 MEDIUM |
| A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | |||||
| CVE-2022-46394 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-05 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||||
| CVE-2023-26084 | 1 Arm | 1 Aarch64cryptolib | 2025-02-27 | N/A | 3.7 LOW |
| The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | |||||
| CVE-2023-5427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-13 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | |||||
| CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2025-02-13 | N/A | 7.8 HIGH |
| An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | |||||
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | |||||
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | |||||
| CVE-2022-46781 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-12 | N/A | 3.3 LOW |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | |||||
| CVE-2023-22808 | 1 Arm | 3 Avalon Android Gralloc Module, Bifrost Android Gralloc Module, Valhall Android Gralloc Module | 2025-02-11 | N/A | 3.3 LOW |
| An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||||
| CVE-2022-46396 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-02-11 | N/A | 3.3 LOW |
| An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | |||||
| CVE-2023-4211 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2025-02-04 | N/A | 5.5 MEDIUM |
| A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2025-01-14 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2023-28147 | 1 Arm | 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2025-01-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | |||||
| CVE-2023-28469 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-01-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | |||||
| CVE-2021-43619 | 1 Arm | 1 Trusted Firmware-m | 2024-11-27 | 4.6 MEDIUM | 7.8 HIGH |
| Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||||
| CVE-2023-40271 | 1 Arm | 1 Trusted Firmware-m | 2024-11-27 | N/A | 7.5 HIGH |
| In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8. | |||||
| CVE-2018-19440 | 1 Arm | 1 Trusted Firmware-a | 2024-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| ARM Trusted Firmware-A allows information disclosure. | |||||
| CVE-2024-4610 | 1 Arm | 2 Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-27 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. | |||||
| CVE-2023-31339 | 2 Amd, Arm | 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more | 2024-11-27 | N/A | 4.8 MEDIUM |
| Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | |||||
| CVE-2024-48986 | 1 Arm | 1 Mbed | 2024-11-26 | N/A | 7.5 HIGH |
| An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. | |||||