cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0015,https://securityvulnerability.io/vulnerability/CVE-2025-0015,Use After Free Vulnerability in Arm Ltd Valhall GPU Kernel Driver,"A Use After Free vulnerability in the Valhall and 5th Gen GPU Kernel Drivers provided by Arm Ltd allows local non-privileged user processes to improperly perform GPU operations. This flaw can lead to the exploitation of freed memory, potentially compromising system integrity and security. The affected driver versions range from r48p0 to r52p0, highlighting the necessity for users to ensure their systems are updated to mitigate any risks associated with this vulnerability.",Arm Ltd,"Valhall Gpu Kernel Driver,Arm 5th Gen Gpu Architecture Kernel Driver",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T10:21:12.696Z,0
CVE-2024-6790,https://securityvulnerability.io/vulnerability/CVE-2024-6790,Loop with Unreachable Exit Condition in Arm Ltd GPU Drivers,"A vulnerability present in the Arm Ltd Bifrost, Valhall, and 5th Gen GPU kernel drivers allows non-privileged user processes to perform valid GPU memory operations via WebGL or WebGPU. This can result in an infinite loop scenario, causing the entire system to become unresponsive. The affected driver versions range from r44p1 and include various updates between r46p0 and r51p0. This issue underscores the importance of timely updates to maintain system stability.",Arm Ltd,"Bifrost Gpu Kernel Driver,Valhall Gpu Kernel Driver,Arm 5th Gen Gpu Architecture Kernel Driver",4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T10:18:55.087Z,202
CVE-2024-7881,https://securityvulnerability.io/vulnerability/CVE-2024-7881,Memory Prefetch Vulnerability in ARM Processors,"A memory prefetch vulnerability exists in certain ARM processors, allowing an unprivileged context to exploit the data memory-dependent prefetch engine. This flaw can trigger the engine to fetch contents from privileged locations, potentially leading to unauthorized data access. When exploited, attackers can dereference these contents, posing significant security risks to systems using affected ARM CPUs.",Arm,"Neoverse V2,Neoverse V3,Neoverse V3ae,Cortex-x3,Cortex-x4,Cortex-x925",5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T15:01:44.445Z,188
CVE-2024-10929,https://securityvulnerability.io/vulnerability/CVE-2024-10929,Weakness in Arm Cortex Processors Allowing Potential Control Over Branch History,"Certain versions of Arm Cortex-A72, Cortex-A73, and Cortex-A75 processors may be susceptible to a vulnerability that can allow an adversary to gain a weak form of control over branch history. This can potentially enable exploitation scenarios that compromise the integrity of execution flow on affected devices, emphasizing the importance of patching and security best practices in critical systems.",Arm,"Cortex-a72,Cortex-a73,Cortex-a75",5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T16:05:35.528Z,0
CVE-2024-11864,https://securityvulnerability.io/vulnerability/CVE-2024-11864,SCP Firmware Vulnerability in ARM Products,"A vulnerability has been identified in the ARM SCP-Firmware, where specially crafted SCMI messages can prompt a Usage Fault, potentially leading to a crash of the System Control Processor (SCP). This issue affects SCP-Firmware release versions up to and including 2.15.0, thereby posing a significant risk to the stability of systems utilizing this firmware. Users of the affected versions are advised to assess their systems and apply necessary updates to mitigate potential disruptions.",ARM,SCP-Firmware,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-11863,https://securityvulnerability.io/vulnerability/CVE-2024-11863,SCMI Message Vulnerability in SCP-Firmware by ARM,"This vulnerability arises from the processing of specifically crafted SCMI messages sent to an SCP operating on SCP-Firmware versions up to and including 2.15.0. Such messages can trigger a Usage Fault, leading to a potential crash of the SCP, impacting overall system stability and security.",ARM,SCP-Firmware,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-5660,https://securityvulnerability.io/vulnerability/CVE-2024-5660,Bypass of Stage-2 translation and/or GPT protection via Hardware Page Aggregation and Stage-1 and/or Stage-2 translation on select processors,"Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.",Arm,"Cortex-a77,Neoverse V1,Cortex-a78ae,Cortex-78c,Cortex-x1c,Cortex-a78,Cortex-x1,Neoverse N2,Cortex-a710,Cortex-x2,Neoverse V2,Cortex-x3,Neoverse V3ae,Neoverse V3,Cortex-x4,Cortex-x925",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T13:55:44.488Z,445
CVE-2024-48986,https://securityvulnerability.io/vulnerability/CVE-2024-48986,Buffer Overflow Vulnerability in MBed OS 6.16.0 Affecting HCI Packet Processing,"A buffer overflow vulnerability exists in MBed OS 6.16.0 due to a flaw in the HCI parsing logic. The software dynamically calculates the length of specific HCI packets based on a byte in the packet header. This calculation may lead to the allocation of an insufficiently sized buffer based on events triggered during packet processing. As a result, the data copied during write operations could exceed the buffer's allocated size, potentially resulting in a denial of service situation. While this vulnerability provides an opportunity for exploitation, the dynamic nature of the buffer allocation limits the ability to compromise the entire system further.",Arm,Mbed,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-20T21:15:00.000Z,0
CVE-2024-48984,https://securityvulnerability.io/vulnerability/CVE-2024-48984,Buffer Overflow Vulnerability in MBed OS by Arm,"A buffer overflow vulnerability has been identified in MBed OS 6.16.0, where the hci parsing logic fails to validate the integrity of report data. During the processing of hci reports, the software dynamically reads byte lengths which are essential for allocating appropriate buffers for each report. However, this mechanism does not adequately ensure that the allocated memory boundaries are respected. In certain scenarios, this oversight could allow for the overwriting of report length fields, leading to potential exploitation through crafted inputs that result in memory corruption and data access violations.",Arm,MBed OS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-20T21:15:00.000Z,0
CVE-2024-48982,https://securityvulnerability.io/vulnerability/CVE-2024-48982,Buffer Overflow and Integer Overflow Vulnerability in MBed OS by Arm,"In MBed OS version 6.16.0, a vulnerability exists in the hci parsing software that improperly assumes the length of certain hci packets will always be three bytes or greater. When a packet length less than three is supplied, it triggers a buffer overflow due to insufficient validation of the packet length. Additionally, the vulnerability allows for an integer overflow by supplying excessively large length values, as the system increases the received length for accounting additional data. This flaw can be easily exploited for denial of service purposes, although it does not definitively lead to a complete system failure. Furthermore, the dynamically allocated buffer limits the extent of potential exploitation.",Arm,Mbed,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-20T21:15:00.000Z,0
CVE-2024-48983,https://securityvulnerability.io/vulnerability/CVE-2024-48983,Buffer Overflow Vulnerability in MBed OS from Arm,"A vulnerability in MBed OS 6.16.0 can lead to a buffer overflow when processing HCI packets. The software calculates the length of packet data based on two bytes from the packet header, allocating a buffer to accommodate the entire packet's size, which includes the packet body and the header. Due to a flaw in this length calculation, an integer overflow could occur, resulting in a dynamically allocated buffer that is insufficient to hold the packet, potentially leading to a buffer overflow of up to 65 KB. While this vulnerability is primarily exploitable for causing denial of service, its exploitability is limited due to the dynamic nature of the buffer allocation.",Arm,Mbed,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-20T20:15:00.000Z,0
CVE-2024-48981,https://securityvulnerability.io/vulnerability/CVE-2024-48981,Buffer Overflow Vulnerability in MBed OS 6.16.0 by Arm,"A buffer overflow vulnerability has been identified in MBed OS version 6.16.0, specifically during the processing of HCI packets. The implementation improperly handles packet header lengths by dynamically determining them based on the first identifying byte. However, in cases where the identifier is invalid, the parsing mechanism fails to discard and does not provide a safe default for unknown packet lengths. This oversight can be exploited to achieve arbitrary write operations by manipulating pointers to unallocated buffers, enabling an attacker to overwrite crucial state variables and potentially modify the function's flow during packet parsing. Such exploitation can lead to significant security risks, including unauthorized access and system compromise.",Arm,Mbed,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-20T20:15:00.000Z,0
CVE-2024-48985,https://securityvulnerability.io/vulnerability/CVE-2024-48985,Buffer Overflow in MBed OS 6.16.0 by Arm,"In MBed OS 6.16.0, an issue was found during the processing of HCI packets. The software reads two bytes from the packet data to dynamically determine the length of the packet body, leading to an allocated buffer intended to store the complete packet. However, if the allocation fails due to excessive size requirements, no exception handling is implemented. Consequently, the function hciTrSerialRxIncoming continues to write beyond the intended bounds into a temporary 4-byte header buffer. This behavior exposes the system to potential buffer overflow vulnerabilities. An attacker can exploit this flaw to achieve arbitrary write capabilities, potentially compromising the integrity of the system by overwriting critical pointers and state variables during the parsing process of packet data.",Arm,Mbed,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-20T20:15:00.000Z,0
CVE-2024-9413,https://securityvulnerability.io/vulnerability/CVE-2024-9413,Buffer Overflow Risk in SCP-Firmware by ARM,"The transport_message_handler function within the SCP-Firmware versions 2.11.0 to 2.15.0 fails to manage errors effectively, creating a scenario where an Application Processor (AP) may exploit this inadequacy to induce a buffer overflow in the System Control Processor (SCP) firmware. This vulnerability raises significant concerns regarding the overall security posture of systems relying on affected versions, placing sensitive data and device functionality at risk. Implementing robust error handling measures and updating to the latest firmware versions is essential for safeguarding against potential exploitation.",ARM,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T17:15:00.000Z,0
CVE-2024-7883,https://securityvulnerability.io/vulnerability/CVE-2024-7883,Leakage of Secure Stack Contents in Arm Cortex-M Devices,"Certain implementations of the Arm Cortex-M Security Extensions face a vulnerability where secure stack contents can be inadvertently exposed to non-secure states when floating-point values are returned during a function call. This issue arises specifically from the initial usage of floating-point operations after entering the secure state and is attributed to code generated with LLVM-based compilers. As a result, attackers may gain access to limited secure stack data, which poses a potential risk to data confidentiality.",Arm Holdings,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-31T17:15:00.000Z,0
CVE-2024-3655,https://securityvulnerability.io/vulnerability/CVE-2024-3655,Use After Free vulnerability affects Arm Ltd GPU Kernel Drivers,"Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.",Arm Ltd,"Bifrost Gpu Kernel Driver,Valhall Gpu Kernel Driver,Arm 5th Gen Gpu Architecture Kernel Driver",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-03T09:32:48.831Z,0
CVE-2024-4607,https://securityvulnerability.io/vulnerability/CVE-2024-4607,Use After Free Vulnerability Affects Arm Ltd GPU Drivers,"A Use After Free vulnerability exists in various GPU Kernel Drivers provided by Arm Ltd, including the Bifrost, Valhall, and the 5th Gen GPU Architecture drivers. This vulnerability enables local non-privileged users to execute improper memory operations, potentially leading to access to freed memory segments. The affected driver versions range from r41p0 to r49p0, posing a security risk related to memory management mishandling within the GPU architecture.",Arm Ltd,"Bifrost Gpu Kernel Driver,Valhall Gpu Kernel Driver,Arm 5th Gen Gpu Architecture Kernel Driver",7.8,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-08-05T11:33:31.766Z,0
CVE-2024-2937,https://securityvulnerability.io/vulnerability/CVE-2024-2937,Use After Free Vulnerability Affects Konami GPU Kernel Drivers,"A use after free vulnerability exists in the Arm Bifrost and Valhall GPU kernel drivers, which creates a potential risk for local non-privileged users. This vulnerability can be exploited to conduct improper GPU memory processing operations, allowing access to memory that has already been freed. Affected versions include Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, and Arm 5th Gen GPU Architecture Kernel Driver, all spanning from r41p0 to r49p0. Users of these products should evaluate the associated risks and take necessary precautions to mitigate potential impacts from this vulnerability.",Arm Ltd,"Bifrost Gpu Kernel Driver,Valhall Gpu Kernel Driver,Arm 5th Gen Gpu Architecture Kernel Driver",7.8,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-08-05T11:31:07.833Z,0
CVE-2024-0153,https://securityvulnerability.io/vulnerability/CVE-2024-0153,Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability Affects Arm Ltd Valhall GPU Firmware and Arm 5th Gen GPU Architecture Firmware,"Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.",Arm Ltd,"Valhall Gpu Firmware,Arm 5th Gen Gpu Architecture Firmware",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T09:05:40.172Z,0
CVE-2024-4610,https://securityvulnerability.io/vulnerability/CVE-2024-4610,Use After Free Vulnerability Affects Arm Ltd Bifrost GPU Kernel Driver,"The vulnerability in Arm Ltd's Bifrost and Valhall GPU Kernel Drivers is classified as a Use After Free issue, which permits local non-privileged users to execute improper memory operations. This flaw can lead to unauthorized access to memory that has already been freed, posing risks to the integrity and confidentiality of system operations. Affected versions include Bifrost GPU Kernel Driver from r34p0 to r40p0 and Valhall GPU Kernel Driver from r34p0 to r40p0. Users and administrators are encouraged to address this vulnerability to protect their systems from potential exploitation. For more information and updates, refer to the Arm Security Center.",Arm Ltd,"Bifrost Gpu Kernel Driver,Valhall Gpu Kernel Driver",7.8,HIGH,0.15861999988555908,true,2024-06-12T00:00:00.000Z,true,false,true,2024-06-11T07:37:41.000Z,,false,false,,2024-06-07T11:25:08.378Z,0
CVE-2024-1067,https://securityvulnerability.io/vulnerability/CVE-2024-1067,Use After Free Vulnerability in Arm Ltd GPU Kernel Drivers,"A use after free vulnerability exists in Arm Ltd's GPU Kernel Drivers, including the Bifrost, Valhall, and 5th Gen GPU architecture. This flaw permits local non-privileged users to manipulate GPU memory improperly, which could lead to unauthorized access to userspace memory of other processes. The issue surfaces under specific configurations of the Linux kernel paired with the Mali GPU kernel driver on Armv8.0 cores. Users of versions r41p0 through r47p0 for these drivers should remain vigilant for potential memory safety risks.",Arm Ltd,Mali GPU Kernel Driver,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-03T14:15:00.000Z,0
CVE-2024-1395,https://securityvulnerability.io/vulnerability/CVE-2024-1395,Use After Free Vulnerability in Arm 5th Gen GPU Architecture Kernel Driver,"A Use After Free vulnerability in the Arm 5th Gen GPU Architecture Kernel Driver permits a local non-privileged user to conduct improper memory processing operations. By meticulously preparing the system's memory, an attacker could exploit this flaw to gain unauthorized access to memory that has already been freed, potentially leading to undesired behaviors and information disclosure.",Arm Ltd,Arm 5th Gen GPU Architecture Kernel Driver,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-03T14:15:00.000Z,0
CVE-2023-6363,https://securityvulnerability.io/vulnerability/CVE-2023-6363,Use After Free Vulnerability in Arm Ltd Valhall GPU Kernel Driver,"A use after free vulnerability has been identified in the Valhall GPU Kernel Driver by Arm Ltd, where a local non-privileged user could exploit improper GPU memory processing operations. By carefully preparing the system’s memory, an attacker could gain unauthorized access to previously freed memory blocks. This situation poses a security risk for systems utilizing the affected GPU drivers, specifically versions ranging from r41p0 to r47p0 in both the Valhall and Arm 5th Gen architectures.",Arm Ltd,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-03T14:15:00.000Z,0
CVE-2024-0151,https://securityvulnerability.io/vulnerability/CVE-2024-0151,Insecure Argument Checking in Cortex-M Security Extensions (CMSE) Could Lead to Secure State Errors,"Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.",Arm,Arm V8-m Security Extensions Requirements On Development Tools,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-24T17:12:43.184Z,0
CVE-2024-22905,https://securityvulnerability.io/vulnerability/CVE-2024-22905,ARM mbed-os Buffer Overflow Vulnerability Allows Remote Execution of Arbitrary Code,Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.,ARM,,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-19T21:15:00.000Z,0