CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22808
https://notcve.org/view.php?id=CVE-2023-22808
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46781
https://notcve.org/view.php?id=CVE-2022-46781
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 6%CPEs: 4EXPL: 0CVE-2023-26083 – Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26083
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://www.cybersecurity-help.cz/vdb/SB2023033049 https://www.cybersecurity-help.cz/vulnerabilities/74210 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26084
https://notcve.org/view.php?id=CVE-2023-26084
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. • https://github.com/ARM-software/AArch64cryptolib/security/advisories/GHSA-47c6-7x5x-r74g • CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46394
https://notcve.org/view.php?id=CVE-2022-46394
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://developer.arm.com/support/arm-security-updates • CWE-416: Use After Free •