Arm


Products by Arm Sorted by Most Security Vulnerabilities since 2018

Arm Mbed Tls: 38 vulnerabilities

Arm Valhall Gpu Kernel Driver: 28 vulnerabilities

Arm Bifrost Gpu Kernel Driver: 17 vulnerabilities

Arm Midgard Gpu Kernel Driver: 10 vulnerabilities

Arm Avalon Gpu Kernel Driver: 7 vulnerabilities

Arm Midgard: 6 vulnerabilities

Arm Cortex A: 6 vulnerabilities

Arm Valhall: 5 vulnerabilities

Arm Bifrost: 5 vulnerabilities

Arm Mali Gpu Kernel Driver: 4 vulnerabilities

Arm Mbed Crypto: 3 vulnerabilities

Arm Development Studio: 3 vulnerabilities

Arm Ds Development Studio: 3 vulnerabilities

Arm Compiler: 2 vulnerabilities

Arm Fast Models: 2 vulnerabilities

Arm Cortex A72: 2 vulnerabilities

Arm Trusted Firmware A: 2 vulnerabilities

Arm Trusted Firmware M: 2 vulnerabilities

Arm Midguard: 1 vulnerability

Arm Gnu Toolchain: 1 vulnerability

Arm Mbed Ualloc: 1 vulnerability

Arm Mbed Studio: 1 vulnerability

Arm Mbed: 1 vulnerability

Arm Linaro Forge: 1 vulnerability

Arm Keil Mdk: 1 vulnerability

Arm Cortex R: 1 vulnerability

Arm Cmsis Rtos: 1 vulnerability

Arm Astc Encoder: 1 vulnerability

Arm Mobile Studio: 1 vulnerability

Arm Aarch64cryptolib: 1 vulnerability

Known Exploited Arm Vulnerabilities

The following Arm vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
| --- | --- | --- | --- |
| Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | CVE-2023-4211 | October 3, 2023 |
| Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | CVE-2021-29256 | July 7, 2023 |
| Arm Mali GPU Kernel Driver Information Disclosure Vulnerability | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | CVE-2023-26083 | April 7, 2023 |
| Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | CVE-2022-38181 | March 30, 2023 |
| Arm Mali GPU Kernel Driver Unspecified Vulnerability | Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages. | CVE-2022-22706 | March 30, 2023 |
| Arm Trusted Firmware M through 1.2 Denial-of-Service | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. This vulnerability has known active exploitation against Yealink Device Management servers. It is assessed this product utilizes the affected Arm firmware. | CVE-2021-27562 | November 3, 2021 |
| Arm Mali GPU Kernel Boundary Error Vulnerability | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. | CVE-2021-28664 | November 3, 2021 |
| Arm Mali GPU Kernel Use-After-Free Vulnerability | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | CVE-2021-28663 | November 3, 2021 |

By the Year

In 2024 there have been 7 vulnerabilities in Arm with an average score of 6.9 out of ten. Last year Arm had 27 security vulnerabilities published. Right now, Arm is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.46.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2024 | 7 | 6.90 |
| 2023 | 27 | 6.44 |
| 2022 | 21 | 8.45 |
| 2021 | 19 | 6.90 |
| 2020 | 4 | 5.20 |
| 2019 | 2 | 5.30 |
| 2018 | 13 | 6.42 |

It may take a day or so for new Arm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Arm Security Vulnerabilities

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver

CVE-2023-5249 7 - High - February 05, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn could cause a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.

Dangling pointer

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2023-5643 7.8 - High - February 05, 2024

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system's memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.

Memory Corruption

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2

CVE-2024-23170 5.5 - Medium - January 31, 2024

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Side Channel Attack

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2

CVE-2024-23775 7.5 - High - January 31, 2024

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

Integer Overflow or Wraparound

An issue was discovered in Mbed TLS through 3.5.1

CVE-2023-52353 7.5 - High - January 21, 2024

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

Session Fixation

An issue was discovered in Mbed TLS 3.5.1

CVE-2024-23744 7.5 - High - January 21, 2024

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver

CVE-2023-5091 5.5 - Medium - January 08, 2024

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.

Dangling pointer

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver

CVE-2023-32804 7.8 - High - December 04, 2023

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver. This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.

Memory Corruption

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2023-5427 7.8 - High - December 01, 2023

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.

Dangling pointer

A local non-privileged user can make improper GPU memory processing operations

CVE-2023-3889 7.8 - High - November 07, 2023

A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory.

Buffer Overflow

A local non-privileged user can make GPU processing operations

CVE-2023-4272 5.5 - Medium - November 07, 2023

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.

A local non-privileged user

CVE-2023-4295 7.8 - High - November 07, 2023

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Integer Overflow or Wraparound

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

CVE-2023-43615 7.5 - High - October 07, 2023

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

Classic Buffer Overflow

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow

CVE-2023-45199 9.8 - Critical - October 07, 2023

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote code execution.

Classic Buffer Overflow

A local non-privileged user can make improper GPU processing operations to exploit a software race condition

CVE-2023-33200 4.7 - Medium - October 03, 2023

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

Dangling pointer

A local non-privileged user

CVE-2023-34970 4.7 - Medium - October 03, 2023

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn could give them access to already freed memory.

Memory Corruption

A local non-privileged user

CVE-2023-4211 5.5 - Medium - October 01, 2023

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Dangling pointer

In Trusted Firmware-M through TF-Mv1.8.0, for platforms

CVE-2023-40271 7.5 - High - September 08, 2023

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.

Incorrect Comparison

When the installation directory does not have sufficiently restrictive file permissions, an attacker

CVE-2022-43701 7.8 - High - July 27, 2023

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Incorrect Default Permissions

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker

CVE-2022-43702 7.8 - High - July 27, 2023

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Incorrect Default Permissions

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

CVE-2022-43703 7.8 - High - July 27, 2023

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

DLL preloading

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

CVE-2023-26085 7.8 - High - June 29, 2023

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

Out-of-bounds Read

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2023-28469 5.5 - Medium - June 02, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2023-28147 5.5 - Medium - June 02, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.

An issue was discovered in the Arm Android Gralloc Module

CVE-2023-22808 3.3 - Low - April 11, 2023

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

Out-of-bounds Read

An issue was discovered in the Arm Mali Kernel Driver

CVE-2022-46396 3.3 - Low - April 11, 2023

An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.

Buffer Overflow

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-46781 3.3 - Low - April 06, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.

Buffer Overflow

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations

CVE-2023-26083 3.3 - Low - April 06, 2023

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Memory Leak

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data

CVE-2023-26084 3.7 - Low - March 15, 2023

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

Improper Initialization

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-46394 8.8 - High - March 08, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

Dangling pointer

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-46395 8.8 - High - March 06, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

Dangling pointer

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11

CVE-2021-36647 4.7 - Medium - January 17, 2023

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

Use of a Broken or Risky Cryptographic Algorithm

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-46891 8.8 - High - January 17, 2023

An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.

Dangling pointer

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates

CVE-2022-47630 7.4 - High - January 16, 2023

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

Out-of-bounds Read

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0

CVE-2022-46392 5.3 - Medium - December 15, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Side Channel Attack

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0

CVE-2022-46393 9.8 - Critical - December 15, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

Out-of-bounds Read

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-42716 8.8 - High - December 12, 2022

An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40p0.

Dangling pointer

An Arm product family through 2022-06-29 has a TOCTOU Race Condition

CVE-2022-34830 7.5 - High - November 23, 2022

An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory.

TOCTTOU

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-41757 8.8 - High - November 08, 2022

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled

CVE-2022-38181 8.8 - High - October 25, 2022

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Dangling pointer

An issue was discovered in the Arm Mali GPU Kernel Driver

CVE-2022-36449 6.5 - Medium - September 01, 2022

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.

Dangling pointer

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0)

CVE-2022-33917 5.5 - Medium - August 02, 2022

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0

CVE-2022-35409 9.1 - Critical - July 15, 2022

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

Out-of-bounds Read

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0

CVE-2022-28349 9.8 - Critical - May 19, 2022

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.

Dangling pointer

Arm Mali GPU Kernel Driver

CVE-2022-28350 9.8 - Critical - May 19, 2022

Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.

Dangling pointer

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0)

CVE-2022-28348 9.8 - Critical - May 19, 2022

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.

Dangling pointer

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function

CVE-2021-27431 9.8 - Critical - May 03, 2022

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.

Integer Overflow or Wraparound

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs

CVE-2021-27433 9.8 - Critical - May 03, 2022

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Integer Overflow or Wraparound

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function

CVE-2021-27435 9.8 - Critical - May 03, 2022

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Integer Overflow or Wraparound

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

CVE-2021-43666 7.5 - High - March 24, 2022

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages

CVE-2022-22706 7.8 - High - March 03, 2022

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.

Buffer Overflow

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition

CVE-2021-43619 7.8 - High - March 01, 2022

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

Classic Buffer Overflow

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().

CVE-2021-44331 7.8 - High - February 28, 2022

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().

Memory Corruption

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow

CVE-2021-43086 9.8 - Critical - February 28, 2022

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp".

Memory Corruption

Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0)

CVE-2021-44828 7.8 - High - January 14, 2022

Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.

Memory Corruption

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt

CVE-2021-45450 7.5 - High - December 21, 2021

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Use of a Broken or Risky Cryptographic Algorithm

In Mbed TLS before 3.1.0, psa_aead_generate_nonce

CVE-2021-45451 7.5 - High - December 21, 2021

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Use of a Broken or Risky Cryptographic Algorithm

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions

CVE-2021-44732 9.8 - Critical - December 20, 2021

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Double-free

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS)

CVE-2020-36478 7.5 - High - August 23, 2021

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

Improper Certificate Validation

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS)

CVE-2020-36475 7.5 - High - August 23, 2021

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

Incorrect Calculation of Buffer Size

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS)

CVE-2020-36476 7.5 - High - August 23, 2021

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

Improper Removal of Sensitive Information Before Storage or Transfer

An issue was discovered in Mbed TLS before 2.24.0

CVE-2020-36477 5.9 - Medium - August 23, 2021

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

Improper Certificate Validation

An issue was discovered in Arm Mbed TLS before 2.24.0

CVE-2020-36425 5.3 - Medium - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

Improper Certificate Validation

An issue was discovered in Arm Mbed TLS before 2.24.0

CVE-2020-36426 7.5 - High - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

Out-of-bounds Read

CVE-2020-36424 4.7 - Medium - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

Side Channel Attack

CVE-2020-36423 7.5 - High - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

Cleartext Transmission of Sensitive Information

CVE-2020-36421 5.3 - Medium - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

Side Channel Attack

CVE-2020-36422 5.3 - Medium - July 19, 2021

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

Side Channel Attack

CVE-2021-24119 4.9 - Medium - July 14, 2021

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Side Channel Attack

CVE-2021-26313 5.5 - Medium - June 09, 2021

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Side Channel Attack

CVE-2021-26314 5.5 - Medium - June 09, 2021

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Side Channel Attack

CVE-2021-29256 8.8 - High - May 24, 2021

The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Dangling pointer

CVE-2021-28663 8.8 - High - May 10, 2021

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.

Dangling pointer

CVE-2021-28664 8.8 - High - May 10, 2021

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.

Memory Corruption

CVE-2020-16150 5.5 - Medium - September 02, 2020

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Side Channel Attack

CVE-2020-10932 4.7 - Medium - April 15, 2020

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Use of a Broken or Risky Cryptographic Algorithm

CVE-2020-10941 5.9 - Medium - March 24, 2020

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

CVE-2019-18222 4.7 - Medium - January 23, 2020

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Side Channel Attack

CVE-2019-16910 5.3 - Medium - September 26, 2019

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

CVE-2018-19440 5.3 - Medium - January 30, 2019

ARM Trusted Firmware-A allows information disclosure.

Information Disclosure

CVE-2018-19608 4.7 - Medium - December 05, 2018

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

Improper Privilege Management

CVE-2018-0497 5.9 - Medium - July 28, 2018

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

CVE-2018-0498 4.7 - Medium - July 28, 2018

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

CVE-2018-3693 5.6 - Medium - July 10, 2018

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVE-2018-3640 5.6 - Medium - May 22, 2018

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Side Channel Attack

CVE-2018-3639 5.5 - Medium - May 22, 2018

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Side Channel Attack

CVE-2018-9989 7.5 - High - April 10, 2018

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

Out-of-bounds Read

CVE-2018-9988 7.5 - High - April 10, 2018

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Out-of-bounds Read

CVE-2018-9056 5.6 - Medium - March 27, 2018

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.

Information Disclosure

CVE-2018-0488 9.8 - Critical - February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Memory Corruption

CVE-2018-0487 9.8 - Critical - February 13, 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Buffer Overflow

CVE-2017-5754 5.6 - Medium - January 04, 2018

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Information Disclosure

CVE-2017-5715 5.6 - Medium - January 04, 2018

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Side Channel Attack

CVE-2017-2784 8.1 - High - April 20, 2017

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by the mbed TLS library, can cause an invalid free of a stack pointer, leading to potential remote code execution. To exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

Improper Certificate Validation

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).