Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Arm

Source -

CISACNA

BOS Name -

Arm Limited

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

9

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
17Vulnerabilities found
CVE-2025-7427
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 09:52
Updated-25 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in Arm Development Studio before 2025

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

Action-Not Available
Vendor-Arm Limited
Product-Development Studio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-7881
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 15:01
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.

Action-Not Available
Vendor-Arm Limited
Product-Neoverse V3Neoverse V3AECortex-X925Neoverse V2Cortex-X4Cortex-X3
CWE ID-CWE-1422
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
CVE-2024-10929
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 16:05
Updated-22 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectre-BSE

In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.

Action-Not Available
Vendor-Arm Limited
Product-Cortex-A57Cortex-A72Cortex-A73Cortex-A75
CWE ID-CWE-1423
Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
CVE-2024-11864
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 13:46
Updated-14 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SCP-Firmware Vulnerability

Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP

Action-Not Available
Vendor-Arm Limited
Product-SCP-Firmware
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-11863
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 13:45
Updated-14 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SCP-Firmware Vulnerability

Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP

Action-Not Available
Vendor-Arm Limited
Product-SCP-Firmware
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-5660
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.20%
||
7 Day CHG+0.02%
Published-10 Dec, 2024 | 13:55
Updated-16 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.

Action-Not Available
Vendor-Arm Limited
Product-Cortex-X1Neoverse N2Cortex-A77Cortex-X2Cortex-A78Neoverse V3Cortex-X4Cortex-78CCortex-A710Cortex-X3Cortex-X1CCortex-X925Neoverse V2Neoverse V1Cortex-A78AENeoverse V3AE
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-9413
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-8||HIGH
EPSS-0.12% / 32.26%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 16:09
Updated-27 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.

Action-Not Available
Vendor-Arm Limited
Product-SCP-Firmwarescp-firmware
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-4610
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-7.4||HIGH
EPSS-0.46% / 63.21%
||
7 Day CHG+0.02%
Published-07 Jun, 2024 | 11:25
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Action-Not Available
Vendor-Arm Limited
Product-bifrost_gpu_kernel_drivervalhall_gpu_kernel_driverValhall GPU Kernel DriverBifrost GPU Kernel Driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_driverMali GPU Kernel Driver
CWE ID-CWE-416
Use After Free
CVE-2024-0151
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 17:12
Updated-09 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

Action-Not Available
Vendor-Arm Limited
Product-Arm v8-M Security Extensions Requirements on Development Toolsarmv8-m
CWE ID-CWE-241
Improper Handling of Unexpected Data Type
CVE-2023-4211
Assigner-Arm Limited
ShareView Details
Assigner-Arm Limited
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.92%
||
7 Day CHG~0.00%
Published-01 Oct, 2023 | 17:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Action-Not Available
Vendor-Arm Limited
Product-midgard_gpu_kernel_driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_driver5th_gen_gpu_architecture_kernel_driverValhall GPU Kernel DriverMidgard GPU Kernel DriverBifrost GPU Kernel DriverArm 5th Gen GPU Architecture Kernel DriverMali GPU Kernel Driver
CWE ID-CWE-416
Use After Free
CVE-2023-26083
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.36% / 57.08%
||
7 Day CHG-0.03%
Published-06 Apr, 2023 | 00:00
Updated-30 Jul, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-04-28||Apply updates per vendor instructions.

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Action-Not Available
Vendor-n/aArm Limited
Product-bifrost_gpu_kernel_drivervalhall_gpu_kernel_drivermidgard_gpu_kernel_driver5th_gen_gpu_architecture_kernel_drivern/aMali Graphics Processing Unit (GPU)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-38181
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-20.55% / 95.36%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-04-20||Apply updates per vendor instructions.

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Action-Not Available
Vendor-n/aArm Limited
Product-bifrost_gpu_kernel_drivermidgard_gpu_kernel_drivervalhall_gpu_kernel_drivern/aMali Graphics Processing Unit (GPU)
CWE ID-CWE-416
Use After Free
CVE-2022-22706
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 14:27
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-04-20||Apply updates per vendor instructions.

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.

Action-Not Available
Vendor-n/aArm Limited
Product-midgard_gpu_kernel_driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_drivern/aMali Graphics Processing Unit (GPU)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-27562
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-72.20% / 98.69%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:27
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

Action-Not Available
Vendor-n/aArm Limited
Product-trusted_firmware-mn/aTrusted Firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29256
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.78%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 17:56
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-28||Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Action-Not Available
Vendor-n/aArm Limited
Product-midgard_gpu_kernel_driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_drivern/aMali Graphics Processing Unit (GPU)
CWE ID-CWE-416
Use After Free
CVE-2021-28664
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.80%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 00:00
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.

Action-Not Available
Vendor-n/aArm Limited
Product-bifrost_gpu_kernel_drivermidgard_gpu_kernel_drivervalhall_gpu_kernel_drivern/aMali Graphics Processing Unit (GPU)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28663
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.29% / 91.29%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 00:00
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.

Action-Not Available
Vendor-n/aArm Limited
Product-midgard_gpu_kernel_driverbifrost_gpu_kernel_drivervalhall_gpu_kernel_drivern/abifrost_gpu_kernel_drivervalhall_gpu_kernel_drivermidgard_gpu_kernel_driverMali Graphics Processing Unit (GPU)
CWE ID-CWE-416
Use After Free