CVE-2024-7883 – CMSE secure state may leak from stack to floating-point registers
https://notcve.org/view.php?id=CVE-2024-7883
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. • https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVE-2024-4610 – Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-4610
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU incorrectas para obtener acceso a la memoria ya liberada. Este problema afecta al controlador Bifrost GPU Kernel: de r34p0 a través de r40p0; Controlador del kernel de GPU Valhall: desde r34p0 hasta r40p0. Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVE-2024-0151
https://notcve.org/view.php?id=CVE-2024-0151
Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. La comprobación insuficiente de argumentos en las funciones de entrada de estado seguro en el software que utiliza Extensiones de seguridad Cortex-M (CMSE), que se ha compilado utilizando cadenas de herramientas que implementan los 'Requisitos de extensiones de seguridad Arm v8-M en herramientas de desarrollo' anteriores a la versión 1.4, permite que un atacante pase valores al estado Seguro que están fuera del rango para tipos menores de 32 bits. Los valores fuera de rango pueden provocar operaciones incorrectas en estado seguro debido. • https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions • CWE-241: Improper Handling of Unexpected Data Type •
CVE-2023-5249 – Mali GPU Kernel Driver allows improper GPU memory processing operations
https://notcve.org/view.php?id=CVE-2023-5249
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0. Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria inadecuadas para explotar una condición de ejecución del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez provocará un use-after-free. Este problema afecta al controlador del kernel de GPU Bifrost: de r35p0 a r40p0; Controlador del kernel de GPU Valhall: desde r35p0 hasta r40p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVE-2023-5643 – Mali GPU Kernel Driver allows improper GPU memory processing operations
https://notcve.org/view.php?id=CVE-2023-5643
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0. Vulnerabilidad de escritura fuera de los límites en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Dependiendo de la configuración del controlador del kernel de GPU de Mali, y si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podría escribir en la memoria fuera de los límites del búfer. Este problema afecta al controlador del kernel de GPU Bifrost: desde r41p0 hasta r45p0; Controlador del kernel de GPU Valhall: desde r41p0 hasta r45p0; Controlador del kernel de arquitectura de GPU Arm de quinta generación: desde r41p0 hasta r45p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-787: Out-of-bounds Write •