Vulnerabilities > ARM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-24 | CVE-2021-43666 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | 7.5 |
| 2022-03-13 | CVE-2022-23960 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. | 5.6 |
| 2022-03-10 | CVE-2022-25368 | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. | 1.9 |
| 2022-03-03 | CVE-2022-22706 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Bifrost, Midgard and Valhall Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. | 7.8 |
| 2022-03-01 | CVE-2021-43619 | Classic Buffer Overflow vulnerability in ARM Trusted Firmware-M 1.4.0/1.4.1 Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. | 4.6 |
| 2022-02-28 | CVE-2021-44331 | Out-of-bounds Write vulnerability in ARM Adaptive Scalable Texture Compression Encoder 3.2.0 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | 6.8 |
| 2022-02-28 | CVE-2021-43086 | Out-of-bounds Write vulnerability in ARM Adaptive Scalable Texture Compression Encoder 3.2.0 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. | 7.5 |
| 2022-01-14 | CVE-2021-44828 | Out-of-bounds Write vulnerability in ARM products Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. | 7.8 |
| 2021-12-21 | CVE-2021-45450 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | 7.5 |
| 2021-12-21 | CVE-2021-45451 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | 7.5 |