CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34970 – Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://notcve.org/view.php?id=CVE-2023-34970
03 Oct 2023 — A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para acceder a una cantidad acotada fuera de los límites del búfer o para explotar una condición de ejecución del software. Si e... • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33200 – Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://notcve.org/view.php?id=CVE-2023-33200
03 Oct 2023 — A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para aprovechar una condición de carrera del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podría darle acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 5.5EPSS: 12%CPEs: 4EXPL: 0CVE-2023-4211 – Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-4211
01 Oct 2023 — A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. Un usuario local sin privilegios puede realizar operaciones inadecuadas de procesamiento de la memoria de la GPU para obtener acceso a la memoria ya liberada. Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-40271
https://notcve.org/view.php?id=CVE-2023-40271
08 Sep 2023 — In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag d... • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst • CWE-697: Incorrect Comparison •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43703 – Incomplete verification of installation file signature
https://notcve.org/view.php?id=CVE-2022-43703
27 Jul 2023 — An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. • https://developer.arm.com/documentation/ka005596/latest • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-43702 – Incomplete verification of installation file signature
https://notcve.org/view.php?id=CVE-2022-43702
27 Jul 2023 — When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. • https://developer.arm.com/documentation/ka005596/latest • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-43701 – Insecure directory permissions on installer files
https://notcve.org/view.php?id=CVE-2022-43701
27 Jul 2023 — When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. • https://developer.arm.com/documentation/ka005596/latest • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26085
https://notcve.org/view.php?id=CVE-2023-26085
29 Jun 2023 — A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. • https://developer.arm.com/Arm%20Security%20Center • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28469
https://notcve.org/view.php?id=CVE-2023-28469
02 Jun 2023 — An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28147
https://notcve.org/view.php?id=CVE-2023-28147
01 Jun 2023 — An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities •