Filtered by vendor Arm
Subscribe
Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2024-10-24 | N/A | 7.8 HIGH |
| When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | |||||
| CVE-2022-42716 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-10-15 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. | |||||
| CVE-2024-45159 | 1 Arm | 1 Mbed Tls | 2024-09-19 | N/A | 9.8 CRITICAL |
| An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert). | |||||
| CVE-2024-23744 | 1 Arm | 1 Mbed Tls | 2024-09-12 | N/A | 7.5 HIGH |
| An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | |||||
| CVE-2023-51712 | 1 Arm | 1 Trusted Firmware-m | 2024-09-12 | N/A | 4.7 MEDIUM |
| An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | |||||
| CVE-2024-45157 | 1 Arm | 1 Mbed Tls | 2024-09-12 | N/A | 5.1 MEDIUM |
| An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. | |||||
| CVE-2024-2937 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-09-10 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. | |||||
| CVE-2024-4607 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-09-10 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. | |||||
| CVE-2023-4272 | 1 Arm | 4 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2024-09-04 | N/A | 5.5 MEDIUM |
| A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. | |||||
| CVE-2024-4610 | 1 Arm | 2 Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-08-14 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. | |||||
| CVE-2021-28663 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-08-13 | 9.0 HIGH | 8.8 HIGH |
| The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | |||||
| CVE-2022-48251 | 1 Arm | 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more | 2024-08-03 | N/A | 7.5 HIGH |
| The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." | |||||
| CVE-2021-28664 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-07-25 | 9.0 HIGH | 8.8 HIGH |
| The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0. | |||||
| CVE-2023-5249 | 1 Arm | 2 Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-07-03 | N/A | 7.0 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. | |||||
| CVE-2022-38181 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-06-28 | N/A | 8.8 HIGH |
| The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0. | |||||
| CVE-2023-3889 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-02-28 | N/A | 7.8 HIGH |
| A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. | |||||
| CVE-2024-23775 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 7.5 HIGH |
| Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). | |||||
| CVE-2023-5427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-02-28 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | |||||
| CVE-2023-52353 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 7.5 HIGH |
| An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | |||||
| CVE-2023-34320 | 2 Arm, Xen | 3 Cortex-a77, Cortex-a77 Firmware, Xen | 2024-02-28 | N/A | 5.5 MEDIUM |
| Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. | |||||