Vulnerabilities > ARM > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-44828 Out-of-bounds Write vulnerability in ARM products
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
local
low complexity
arm CWE-787
7.8
7.8
2021-12-21 CVE-2021-45450 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
7.5
2021-08-23 CVE-2020-36476 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
network
low complexity
arm debian CWE-212
7.5
7.5
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5
2021-07-19 CVE-2020-36423 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-319
7.5
7.5
2021-07-19 CVE-2020-36426 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
low complexity
arm debian CWE-125
7.5
7.5
2021-05-10 CVE-2021-28663 Use After Free vulnerability in ARM products
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free.
network
low complexity
arm CWE-416
8.8
8.8
2021-05-10 CVE-2021-28664 Out-of-bounds Write vulnerability in ARM products
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages.
network
low complexity
arm CWE-787
8.8
8.8