CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46891
https://notcve.org/view.php?id=CVE-2022-46891
17 Jan 2023 — An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0. Se descubrió un problema en el controlador del kernel de GPU Arm Mali. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47630
https://notcve.org/view.php?id=CVE-2022-47630
16 Jan 2023 — Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state. Trusted Firmware-A hasta su versión 2.8 tiene una lectura fuera de los límites en el analizador X.509 para analizar los certificados de arranque. Esto afecta el uso posterior de get_ext y auth_nvctr. • http://www.openwall.com/lists/oss-security/2023/01/16/8 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2022-48251
https://notcve.org/view.php?id=CVE-2022-48251
10 Jan 2023 — The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." • https://eprint.iacr.org/2022/230 • CWE-203: Observable Discrepancy •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46392 – Gentoo Linux Security Advisory 202409-14
https://notcve.org/view.php?id=CVE-2022-46392
15 Dec 2022 — An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Un adversario con acces... • https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46393 – Gentoo Linux Security Advisory 202409-14
https://notcve.org/view.php?id=CVE-2022-46393
15 Dec 2022 — An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Existe un posible desbordamiento de búfer de almacenamiento dinámico y una sobrelectura de búfer de almacenamiento dinámico en DTLS si MBEDTLS_SSL_DTLS_CONNECTION... • https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42716 – Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free
https://notcve.org/view.php?id=CVE-2022-42716
12 Dec 2022 — An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. Se descubrió un problema en el controlador del kernel de GPU Arm Mali. • https://packetstorm.news/files/id/170420 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34830
https://notcve.org/view.php?id=CVE-2022-34830
23 Nov 2022 — An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. Una familia de productos Arm hasta el 29 de junio de 2022 tiene una condición de ejecución TOCTOU que permite a usuarios sin privilegios realizar operaciones de procesamiento de GPU incorrectas para obtener acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41757
https://notcve.org/view.php?id=CVE-2022-41757
08 Nov 2022 — An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. Se descubrió un problema en Arm Mali GPU Kernel Driver. Un usuario sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para obtener acceso de escritura a la memoria de solo lectura y obtener acce... • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-123: Write-what-where Condition •
CVSS: 9.0EPSS: 20%CPEs: 5EXPL: 5CVE-2022-38181 – Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-38181
25 Oct 2022 — The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0. Un controlador del kernel de la GPU del correo de la familia de productos Arm versiones hasta 12-08-2022, permite a usuarios no privilegiados realizar operaciones de procesamiento de la GPU inapropiadas para conseguir acceso a la memoria ya liberada Arm Mali GPU... • https://packetstorm.news/files/id/172854 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 4CVE-2022-36449 – Arm Mali Race Condition
https://notcve.org/view.php?id=CVE-2022-36449
01 Sep 2022 — An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali. Un usuario no privilegiado pue... • https://packetstorm.news/files/id/168433 • CWE-416: Use After Free •