Vulnerabilities > ARM

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-28349 Use After Free vulnerability in ARM products
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
network
low complexity
arm CWE-416
critical
10.0
2022-05-19 CVE-2022-28350 Use After Free vulnerability in ARM Valhall GPU Kernel Driver R34P0
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
network
low complexity
arm CWE-416
critical
10.0
2022-05-19 CVE-2022-28348 Use After Free vulnerability in ARM products
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.
network
low complexity
arm CWE-416
critical
10.0
2022-05-03 CVE-2021-27431 Integer Overflow or Wraparound vulnerability in ARM Cmsis-Rtos
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
network
low complexity
arm CWE-190
7.5
2022-05-03 CVE-2021-27433 Integer Overflow or Wraparound vulnerability in ARM Mbed Ualloc 1.3.0
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
network
low complexity
arm CWE-190
7.5
2022-05-03 CVE-2021-27435 Integer Overflow or Wraparound vulnerability in ARM Mbed 6.3.0
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
network
low complexity
arm CWE-190
7.5
2022-03-24 CVE-2021-43666 Unspecified vulnerability in ARM Mbed TLS
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm
5.0
2022-03-13 CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB.
local
xen arm
1.9
2022-03-10 CVE-2022-25368 Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. 1.9
2022-03-03 CVE-2022-22706 Unspecified vulnerability in ARM Bifrost, Midgard and Valhall
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages.
local
low complexity
arm
4.6