Filtered by vendor Arm Subscriptions
Total 138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-22808 1 Arm 3 Avalon Android Gralloc Module, Bifrost Android Gralloc Module, Valhall Android Gralloc Module 2024-11-21 3.3 Low
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
CVE-2022-48251 1 Arm 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more 2024-11-21 7.5 High
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
CVE-2022-46781 1 Arm 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 3.3 Low
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.
CVE-2022-46396 1 Arm 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 3.3 Low
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.
CVE-2022-46394 1 Arm 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 8.8 High
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
CVE-2022-46393 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2024-11-21 9.8 Critical
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
CVE-2022-46392 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2024-11-21 5.3 Medium
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
CVE-2022-43703 1 Arm 2 Arm Development Studio, Ds Development Studio 2024-11-21 7.8 High
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.
CVE-2022-43701 1 Arm 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more 2024-11-21 7.8 High
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
CVE-2022-42716 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-21 8.8 High
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
CVE-2022-41757 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-21 8.8 High
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.
CVE-2022-38181 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 8.8 High
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
CVE-2022-36449 1 Arm 3 Bifrost, Midgard, Valhall 2024-11-21 6.5 Medium
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
CVE-2022-35409 2 Arm, Debian 2 Mbed Tls, Debian Linux 2024-11-21 9.1 Critical
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
CVE-2022-34830 1 Arm 1 Utgard Gpu Kernel Driver 2024-11-21 7.5 High
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-33917 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-21 5.5 Medium
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
CVE-2022-28350 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
CVE-2022-28349 1 Arm 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
CVE-2022-28348 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.
CVE-2022-25368 2 Amperecomputing, Arm 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more 2024-11-21 4.7 Medium
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.