Latest Arm Vulnerabilities

CVE-2023-5249
Mali GPU Kernel Driver allows improper GPU memory processing operations
Arm Bifrost Gpu Kernel Driver>=r35p0<=r40p0
Arm Valhall Gpu Kernel Driver>=r35p0<=r40p0
Google Android
CVE-2023-5643
Mali GPU Kernel Driver allows improper GPU memory processing operations
Arm 5th Gen GPU Architecture Kernel Driver>=r41p0<r46p0
Arm Bifrost Gpu Kernel Driver>=r41p0<r46p0
Arm Valhall Gpu Kernel Driver>=r41p0<r46p0
Google Android
CVE-2024-23170
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to rec...
ARM mbed TLS>=2.0.0<2.28.7
ARM mbed TLS>=3.0.0<3.5.2
CVE-2024-23775
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
ARM mbed TLS>=2.0.0<2.28.7
ARM mbed TLS>=3.0.0<3.5.2
CVE-2024-23744
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
ARM mbed TLS>3.4.0<=3.5.1
CVE-2023-52353
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 beco...
ARM mbed TLS<3.5.2
CVE-2023-5091
Mali GPU Kernel Driver allows improper GPU processing operations
Arm Valhall Gpu Kernel Driver>=r37p0<=r40p0
Google Android
CVE-2023-32804
Mali GPU Userspace Driver can make an Out-of-Bounds access
Arm 5th Gen GPU Architecture Kernel Driver>=r41p0<=r44p0
Arm Bifrost Gpu Kernel Driver>=r0p0<=r44p0
Arm Midgard Gpu Kernel Driver>=r0p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r44p0
Google Android
CVE-2023-5427
Mali GPU Kernel Driver allows improper GPU processing operations
Arm 5th Gen GPU Architecture Kernel Driver>=r44p0<r46p0
Arm Bifrost Gpu Kernel Driver>=r44p0<r46p0
Arm Valhall Gpu Kernel Driver>=r44p0<r46p0
Google Android
CVE-2023-4295
Mali GPU Kernel Driver allows improper GPU memory processing operations
Arm Mali GPU Kernel Driver>=r41p0<r43p0
Arm Valhall Gpu Kernel Driver>=r29p0<=r42p0
Google Android
CVE-2023-3889
Mali GPU Kernel Driver exposes sensitive data from freed memory
Arm Valhall Gpu Kernel Driver>=r38p0<=r44p0
Google Android
CVE-2023-4272
Mali GPU Kernel Driver exposes sensitive data from freed memory
Arm Bifrost Gpu Kernel Driver>=r0p0<=r41p0
Arm Mali GPU Kernel Driver=r41p0
Arm Midgard Gpu Kernel Driver>=r8p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r41p0
Google Android
CVE-2023-45199
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
ARM mbed TLS>=3.2.0<3.5.0
CVE-2023-43615
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
ARM mbed TLS>=2.0.0<2.28.5
ARM mbed TLS>=3.0.0<3.5.0
Fedoraproject Fedora=38
Fedoraproject Fedora=37
Fedoraproject Fedora=39
CVE-2023-33200
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give the...
Google Android
Arm Bifrost Gpu Kernel Driver>=r17p0<r44p1
Arm Mali GPU Kernel Driver>=r41p0<r44p1
Arm Valhall Gpu Kernel Driver>=r19p0<r44p1
CVE-2023-34970
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully...
Arm Mali GPU Kernel Driver=r44p0
Arm Valhall Gpu Kernel Driver=r44p0
Google Android
CVE-2023-4211
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Google Android
Arm Mali GPU Kernel Driver
Arm 5th Gen GPU Architecture Kernel Driver>=r41p0<=r42p0
Arm Bifrost>=r0p0<=r42p0
Arm Midgard>=r12p0<=r32p0
Arm Valhall>=r19p0<=r42p0
CVE-2023-40271
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with ...
Arm Trusted Firmware-m=1.6.0
Arm Trusted Firmware-m=1.6.1
Arm Trusted Firmware-m=1.7.0
Arm Trusted Firmware-m=1.8.0
CVE-2023-34320
arm: Guests can trigger a deadlock on Cortex-A77
Arm Cortex-a77 Firmware=r0p0
Arm Cortex-a77 Firmware=r1p0
Arm Cortex-a77
Xen Xen
CVE-2022-43703
Incomplete verification of installation file signature
Arm Arm Development Studio
Arm Ds Development Studio>=5.0.0<=5.29.3
CVE-2022-43702
Incomplete verification of installation file signature
Arm Arm Compiler>=5.00<=5.06
Arm Arm Compiler>=6.00<6.18
Arm Arm Compiler For Embedded Fusa=6.16
Arm Arm Compiler For Functional Safety>=6.6<6.6.5
Arm Arm Development Studio
Arm Ds Development Studio>=5.0.0<=5.29.3
and 1 more
CVE-2022-43701
Insecure directory permissions on installer files
Arm Arm Compiler>=5.00<=5.06
Arm Arm Compiler>=6.00<6.20
Arm Arm Compiler For Embedded Fusa=6.16
Arm Arm Compiler For Functional Safety=6.6
Arm Arm Development Studio
Arm Arm Mobile Studio
and 6 more
CVE-2023-28469
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through ...
Google Android
Arm Avalon Gpu Kernel Driver>=r41p0<r43p0
Arm Valhall Gpu Kernel Driver>=r29p0<r43p0
CVE-2023-28147
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through ...
Arm Avalon Gpu Kernel Driver>=r41p0<r43p0
Arm Bifrost Gpu Kernel Driver>=r17p0<r43p0
Arm Midgard Gpu Kernel Driver>=r29p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<r43p0
CVE-2023-26085
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
Google Android
Arm Nn Android Neural Networks Driver<23.02
CVE-2023-22808
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhal...
Arm Avalon Android Gralloc Module=r41p0
Arm Bifrost Android Gralloc Module>=r24p0<=r41p0
Arm Valhall Android Gralloc Module>=r24p0<=r41p0
CVE-2022-46396
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhal...
Google Android
Arm Avalon Gpu Kernel Driver=r41p0
Arm Valhall Gpu Kernel Driver>=r29p0<=r41p0
CVE-2022-46781
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Va...
Google Android
Arm Avalon Gpu Kernel Driver=r41p0
Arm Valhall Gpu Kernel Driver>=r29p0<r42p0
CVE-2023-26083
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Arm Mali Graphics Processing Unit (GPU)
Arm Avalon Gpu Kernel Driver>=r41p0<r43p0
Arm Bifrost Gpu Kernel Driver>=r0p0<r43p0
Arm Midgard>=r6p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<r43p0
CVE-2022-46394
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through ...
Google Android
Arm Avalon Gpu Kernel Driver=r41p0
Arm Valhall Gpu Kernel Driver>=r39p0<=r41p0
CVE-2022-46395
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r...
Google Android
Arm Avalon Gpu Kernel Driver=r41p0
Arm Bifrost Gpu Kernel Driver>=r0p0<=r41p0
Arm Midguard Gpu Kernel Driver>=r0p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r41p0
Arm Midgard Gpu Kernel Driver>=r0p0<=r32p0
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to pre...
ARM mbed TLS<2.16.11
ARM mbed TLS>=2.17.0<2.27.0
ARM mbed TLS>=2.28.0<3.0.0
CVE-2022-46891
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This aff...
Arm Bifrost Gpu Kernel Driver>=r1p0<=r40p0
Arm Midgard Gpu Kernel Driver>=r13p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r40p0
Google Android
Arm Bifrost>=r1p0<=r40p0
Arm Midgard>=r13p0<=r32p0
and 1 more
CVE-2022-47630
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger da...
ARM Trusted Firmware-A>=1.2<=2.8
CVE-2022-48251
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while pow...
Arm Cortex-a53 Firmware
Arm Cortex-a53
Arm Cortex-a55 Firmware
Arm Cortex-a55
Arm Cortex-a57 Firmware
Arm Cortex-a57
and 34 more
CVE-2022-46393
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is ena...
ARM mbed TLS<2.28.2
ARM mbed TLS>=3.0.0<3.3.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking...
ARM mbed TLS<2.28.2
ARM mbed TLS>=3.0.0<3.3.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2022-42716
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This aff...
Arm Bifrost Gpu Kernel Driver>=r1p0<=r40p0
Arm Midguard Gpu Kernel Driver>=r4p0<=r32p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r40p0
Google Android
Arm Valhall Gpu Kernel Driver>=r29p0<=r40p0
CVE-2022-34830
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
=r11p0
=r12p0
CVE-2022-41757
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already fre...
Arm Valhall Gpu Kernel Driver>=r29p0<r38p2
Arm Valhall Gpu Kernel Driver=r39p0
Google Android
CVE-2022-38181
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Bifrost Gpu Kernel Driver>=r0p0<=r38p1
Arm Bifrost Gpu Kernel Driver=r39p0
Arm Midgard Gpu Kernel Driver>=r4p0<=r31p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r38p1
Arm Valhall Gpu Kernel Driver=r39p0
Arm Midguard Gpu Kernel Driver>=r4p0<=r31p0
and 2 more
CVE-2022-36449
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of b...
Google Android
Arm Bifrost>=r0p0<=r38p0
Arm Bifrost=r39p0
Arm Midgard>=r4p0<=r32p0
Arm Valhall>=r19p0<=r38p0
Arm Valhall=r39p0
CVE-2022-33917
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
Arm Valhall Gpu Kernel Driver>=r29p0<=r38p0
Google Android
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-...
ARM mbed TLS<2.28.1
ARM mbed TLS>=3.0.0<3.2.0
Debian Debian Linux=10.0
CVE-2022-28349
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
Arm Bifrost Gpu Kernel Driver>=r17p0<=r23p0
Arm Midguard Gpu Kernel Driver>=r28p0<=r29p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r23p0
Google Android
CVE-2022-28350
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
Arm Valhall Gpu Kernel Driver>=r29p0<=r36p0
CVE-2022-28348
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-afte...
Arm Bifrost Gpu Kernel Driver>=r0p0<=r36p0
Arm Midguard Gpu Kernel Driver>=r4p0<=r31p0
Arm Valhall Gpu Kernel Driver>=r19p0<=r36p0
Google Android
Arm Midgard Gpu Kernel Driver>=r4p0<=r31p0
CVE-2021-27433
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash...
Arm Mbed Ualloc=1.3.0
Multiple Amazon FreeRTOS, Version 10.4.1
Multiple Apache Nuttx OS, Version 9.1.0
Multiple ARM CMSIS-RTOS2, versions prior to 2.1.3
Multiple ARM Mbed OS, Version 6.3.0
Multiple ARM mbed-ualloc, Version 1.3.0
and 24 more
CVE-2021-27435
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a rem...
ARM mbed=6.3.0
Multiple Amazon FreeRTOS, Version 10.4.1
Multiple Apache Nuttx OS, Version 9.1.0
Multiple ARM CMSIS-RTOS2, versions prior to 2.1.3
Multiple ARM Mbed OS, Version 6.3.0
Multiple ARM mbed-ualloc, Version 1.3.0
and 24 more
CVE-2021-27431
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpec...
Arm Cmsis-rtos<=2.1.3
Multiple Amazon FreeRTOS, Version 10.4.1
Multiple Apache Nuttx OS, Version 9.1.0
Multiple ARM CMSIS-RTOS2, versions prior to 2.1.3
Multiple ARM Mbed OS, Version 6.3.0
Multiple ARM mbed-ualloc, Version 1.3.0
and 24 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203