arm limited

Top products

The 15 most recently published vulnerabilities affecting arm limited.

• CVE-2025-0932Mali GPU Userspace Driver allows access to already freed memory4.3Aug 4, 2025
• CVE-2025-48965Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.4.0Jul 20, 2025
• CVE-2025-49087In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.4.0Jul 20, 2025
• CVE-2025-47917Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head...8.9Jul 20, 2025
• CVE-2025-49601In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on trunca...4.8Jul 4, 2025
• CVE-2025-49600In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fau...4.9Jul 4, 2025
• CVE-2025-52497Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.4.8Jul 4, 2025
• CVE-2025-52496Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM f...7.8Jul 4, 2025
• CVE-2025-27810Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading ...5.4Mar 25, 2025
• CVE-2025-27809Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_host...5.4Mar 25, 2025
• CVE-2025-0015Mali GPU Kernel Driver allows improper GPU processing operations7.8Feb 3, 2025
• CVE-2024-6790Mali GPU Kernel Driver can cause the whole system to become unresponsive6.1Feb 3, 2025
• CVE-2024-7881An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.5.1Jan 28, 2025
• CVE-2024-45157An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does n...5.1Sep 5, 2024
• CVE-2024-4610Mali GPU Kernel Driver allows improper GPU memory processing operationsKEV7.8Jun 7, 2024