Vulnerabilities > ARM

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-16273 Integer Underflow (Wrap or Wraparound) vulnerability in ARM Armv8-M Firmware
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors.
local
low complexity
arm CWE-191
7.2
7.2
2020-09-02 CVE-2020-16150 Information Exposure Through Discrepancy vulnerability in multiple products
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information.
local
low complexity
arm fedoraproject debian CWE-203
5.5
5.5
2020-06-18 CVE-2020-12887 Memory Leak vulnerability in ARM Mbed-Coap 5.1.5
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5.
network
low complexity
arm CWE-401
5.0
5.0
2020-06-18 CVE-2020-12886 Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-125
6.4
6.4
2020-06-18 CVE-2020-12885 Infinite Loop vulnerability in ARM Mbed OS 5.15.3
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-835
7.8
7.8
2020-06-18 CVE-2020-12884 Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-125
6.4
6.4
2020-06-18 CVE-2020-12883 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Mbed OS 5.15.3
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-119
6.4
6.4
2020-06-08 CVE-2020-13844 Information Exposure Through Discrepancy vulnerability in multiple products
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
local
low complexity
arm opensuse CWE-203
2.1
2.1
2020-04-15 CVE-2020-10932 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15.
local
high complexity
arm fedoraproject debian CWE-203
4.7
4.7
2020-03-24 CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
network
high complexity
arm fedoraproject debian
5.9
5.9