Vulnerabilities > ARM

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2023-26084 Improper Initialization vulnerability in ARM Aarch64Cryptolib
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack.
network
high complexity
arm CWE-665
3.7
3.7
2023-03-08 CVE-2022-46394 Use After Free vulnerability in ARM products
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm CWE-416
8.8
8.8
2023-03-06 CVE-2022-46395 Use After Free vulnerability in ARM products
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm CWE-416
8.8
8.8
2023-01-17 CVE-2021-36647 Use of a Broken or Risky Cryptographic Algorithm vulnerability in ARM Mbed TLS
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
local
high complexity
arm CWE-327
4.7
4.7
2023-01-17 CVE-2022-46891 Use After Free vulnerability in ARM Bifrost, Midgard and Valhall
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm CWE-416
8.8
8.8
2023-01-16 CVE-2022-47630 Out-of-bounds Read vulnerability in ARM Trusted Firmware-A
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates.
network
high complexity
arm CWE-125
7.4
7.4
2023-01-10 CVE-2022-48251 Information Exposure Through Discrepancy vulnerability in ARM products
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks.
network
low complexity
arm CWE-203
7.5
7.5
2022-12-15 CVE-2022-46392 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
high complexity
arm fedoraproject CWE-203
5.3
5.3
2022-12-15 CVE-2022-46393 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
low complexity
arm fedoraproject CWE-787
critical
 9.8
9.8
2022-12-12 CVE-2022-42716 Use After Free vulnerability in ARM products
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm CWE-416
8.8
8.8