Vulnerabilities > ARM > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-34830 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in ARM Utgard GPU Kernel Driver R11P0/R12P0
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
network
high complexity
arm CWE-367
7.5
2022-11-08 CVE-2022-41757 Unspecified vulnerability in ARM Valhall GPU Kernel Driver
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm
8.8
2022-10-25 CVE-2022-38181 Use After Free vulnerability in ARM products
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled.
network
low complexity
arm CWE-416
8.8
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5
2022-03-03 CVE-2022-22706 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Bifrost, Midgard and Valhall
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages.
local
low complexity
arm CWE-119
7.8
2022-03-01 CVE-2021-43619 Classic Buffer Overflow vulnerability in ARM Trusted Firmware-M 1.4.0/1.4.1
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition.
local
low complexity
arm CWE-120
7.8
2022-02-28 CVE-2021-44331 Out-of-bounds Write vulnerability in ARM Adaptive Scalable Texture Compression Encoder 3.2.0
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().
local
low complexity
arm CWE-787
7.8
2022-01-14 CVE-2021-44828 Out-of-bounds Write vulnerability in ARM products
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
local
low complexity
arm CWE-787
7.8
2021-12-21 CVE-2021-45450 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5