CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2022-33917 – Arm Mali CSF VMA Split Mishandling
https://notcve.org/view.php?id=CVE-2022-33917
02 Aug 2022 — An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali (versiones Valhall r29p0 hasta r38p0). Un usuario no privilegiados puede realizar operaciones incorrectas de procesamiento de la GPU para conseguir acceso a la memoria ya liberada • https://packetstorm.news/files/id/168147 •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-35409 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2022-35409
15 Jul 2022 — An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using... • https://github.com/Mbed-TLS/mbedtls/releases • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28349
https://notcve.org/view.php?id=CVE-2022-28349
19 May 2022 — Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. Arm Mali GPU Kernel Driver presenta una situación de uso de memoria previamente liberada: versiones Midgard r28p0 hasta r29p0 anteriores a r30p0, Bifrost r17p0 hasta r23p0 anteriores a r24p0, y Valhall r19p0 hasta r23p0 anteriores a r24p0 • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28350
https://notcve.org/view.php?id=CVE-2022-28350
19 May 2022 — Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. Arm Mali GPU Kernel Driver permite que las operaciones inapropiadas de la GPU en versiones Valhall r29p0 hasta r36p0 anteriores a r37p0 lleguen a una situación de uso de memoria previamente liberada • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28348
https://notcve.org/view.php?id=CVE-2022-28348
19 May 2022 — Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. Arm Mali GPU Kernel Driver (versiones Midgard r4p0 hasta r31p0, Bifrost r0p0 hasta r36p0 antes de r37p0, y Valhall r19p0 hasta r36p0 antes de r37p0) permite que las operaciones de memoria de la GPU inapropiadas lleguen a una situación de uso de memoria previamente liberada • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2021-27433 – ARM mbed-ualloc memory library Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27433
03 May 2022 — ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. ARM mbed-ualloc memory library versión 1.3.0, es vulnerable a una envoltura de enteros en la función mbed_krbs, que puede conllevar a una asignación de memoria arbitraria, resultando en un comportamiento no esperado como un bloqueo o una inyección/ejecución de código remot... • https://github.com/ARMmbed/mbed-os/pull/14408 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27431 – ARM CMSIS RTOS2 Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27431
03 May 2022 — ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. ARM CMSIS RTOS2 versiones anteriores a 2.1.3, son vulnerables a una envoltura de enteros en la función inosRtxMemoryAlloc (equivalente a malloc local), que puede conllevar a una asignación arbitraria de memoria, resultando en un comportamiento no esperado... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2021-27435 – ARM mbed Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27435
03 May 2022 — ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. ARM mbed product versión 6.3.0, es vulnerable a una envoltura de enteros en la función "malloc_wrapper", que puede conllevar a una asignación de memoria arbitraria, resultando en un comportamiento no esperado como un bloqueo o una inyección/ejecución de código remota • https://github.com/ARMmbed/mbed-os/pull/14408 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43666 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2021-43666
24 Mar 2022 — A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. Se presenta una vulnerabilidad de denegación de servicio en mbed TLS 3.0.0 y anteriores, en la función mbedtls_pkcs12_derivation cuando la longitud de una contraseña de entrada es 0 Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected. • https://github.com/ARMmbed/mbedtls/issues/5136 •
CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0CVE-2022-25368
https://notcve.org/view.php?id=CVE-2022-25368
09 Mar 2022 — Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. Spectre BHB es una variante de Spectre-v2 en la que el código malicioso usa el historial de bifurcaciones compartido (almacenado en el BHB de la CPU)... • https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html •