Filtered by vendor Arm Subscriptions
Total 138 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23960 4 Arm, Debian, Redhat and 1 more 45 Cortex-a57, Cortex-a57 Firmware, Cortex-a65 and 42 more 2024-11-21 5.6 Medium
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
CVE-2022-22706 1 Arm 3 Bifrost, Midgard, Valhall 2024-11-21 7.8 High
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
CVE-2021-45451 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2024-11-21 7.5 High
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
CVE-2021-45450 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2024-11-21 7.5 High
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
CVE-2021-44828 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 7.8 High
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
CVE-2021-44732 2 Arm, Debian 2 Mbed Tls, Debian Linux 2024-11-21 9.8 Critical
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2021-44331 1 Arm 1 Adaptive Scalable Texture Compression Encoder 2024-11-21 7.8 High
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().
CVE-2021-43666 2 Arm, Debian 2 Mbed Tls, Debian Linux 2024-11-21 7.5 High
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
CVE-2021-43086 1 Arm 1 Adaptive Scalable Texture Compression Encoder 2024-11-21 9.8 Critical
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp".
CVE-2021-36647 1 Arm 1 Mbed Tls 2024-11-21 4.7 Medium
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
CVE-2021-35465 1 Arm 8 China Star-mc1, China Star-mc1 Firmware, Cortex-m33 and 5 more 2024-11-21 3.4 Low
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
CVE-2021-29256 1 Arm 3 Bifrost, Midgard, Valhall 2024-11-21 8.8 High
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
CVE-2021-28664 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 8.8 High
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
CVE-2021-28663 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 8.8 High
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
CVE-2021-27562 1 Arm 1 Trusted Firmware M 2024-11-21 5.5 Medium
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
CVE-2021-27435 1 Arm 1 Mbed 2024-11-21 7.3 High
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27433 1 Arm 1 Mbed Ualloc 2024-11-21 7.3 High
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27431 1 Arm 1 Cmsis-rtos 2024-11-21 7.3 High
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
CVE-2021-26314 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2024-11-21 5.5 Medium
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
CVE-2021-26313 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2024-11-21 5.5 Medium
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.