Arm Security Vulnerabilities (CVEs)
Track 60 security vulnerabilities affecting Arm products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a CPU-level vulnerability in certain Arm processors where a specific instruction (CPP RCTX) can prevent proper TLB invalidation, ca...
Jan 14, 2026Mbed TLS versions through 3.6.4 contain a timing side-channel vulnerability in RSA decryption with PKCS#1 v1.5 padding. This allows attackers to poten...
Oct 21, 2025CVE-2025-54764 is a timing side-channel vulnerability in Mbed TLS that allows local attackers to potentially extract RSA private keys by measuring exe...
Oct 20, 2025A Use After Free vulnerability in Arm GPU kernel drivers allows local non-privileged users to access freed memory through GPU operations. This affects...
Sep 8, 2025A Use After Free vulnerability in Arm GPU drivers allows non-privileged user processes to access freed memory through GPU operations like WebGL or Web...
Aug 4, 2025Arm Development Studio versions before 2025 contain a DLL hijacking vulnerability (CWE-427) where attackers can place malicious DLLs in directories se...
Jul 22, 2025Mbed TLS versions before 3.6.4 contain a use-after-free vulnerability in the mbedtls_x509_string_to_names() function. The function unexpectedly frees ...
Jul 20, 2025This vulnerability in Mbed TLS allows an attacker to cause a denial of service (DoS) by triggering a NULL pointer dereference when parsing malformed A...
Jul 20, 2025This vulnerability in MbedTLS allows attackers to forge LMS signatures when using hardware-accelerated hashing. An attacker who can induce faults in h...
Jul 4, 2025Mbed TLS versions before 3.6.4 have a race condition in AESNI detection that can occur with certain compiler optimizations. This vulnerability allows ...
Jul 4, 2025A Use After Free vulnerability in Arm's Valhall and 5th Gen GPU kernel drivers allows a local non-privileged user to access freed memory through impro...
Jun 2, 2025A memory buffer overflow vulnerability in Arm GPU drivers allows non-privileged user processes to access memory outside allocated bounds via GPU opera...
Jun 2, 2025A Use After Free vulnerability in Arm GPU kernel drivers allows local non-privileged users to access freed memory through GPU processing operations. T...
May 2, 2025This vulnerability in Mbed TLS occurs when memory allocation fails or hardware errors happen, causing the library to use uninitialized stack memory wh...
Mar 25, 2025This vulnerability allows a non-privileged user to trigger an infinite loop in Arm GPU kernel drivers through GPU memory operations, potentially via W...
Feb 3, 2025A Use After Free vulnerability in Arm's Valhall and 5th Gen GPU kernel drivers allows local non-privileged users to access freed memory through improp...
Feb 3, 2025CVE-2024-7881 is a speculative execution vulnerability in certain Arm CPUs where unprivileged code can trigger the data memory-dependent prefetcher to...
Jan 28, 2025CVE-2024-11864 is a vulnerability in SCP-Firmware where specially crafted SCMI messages can cause a Usage Fault and crash the System Control Processor...
Jan 14, 2025CVE-2024-11863 is a denial-of-service vulnerability in ARM SCP-Firmware where specially crafted SCMI messages can cause a Usage Fault and crash the Sy...
Jan 14, 2025This vulnerability in MBed OS 6.16.0 allows a buffer overflow when parsing Bluetooth Low Energy (BLE) advertising reports. Attackers could potentially...
Nov 20, 2024This vulnerability in MBed OS 6.16.0 allows attackers to execute arbitrary write operations via specially crafted HCI packets, leading to potential re...
Nov 20, 2024This vulnerability in MBed OS 6.16.0 allows attackers to trigger a buffer overflow during HCI packet processing, leading to arbitrary memory writes. A...
Nov 20, 2024A buffer overflow vulnerability in SCP-Firmware's transport_message_handler function allows an Application Processor to potentially execute arbitrary ...
Nov 13, 2024Mbed TLS versions 3.5.x through 3.6.x before 3.6.2 contain a buffer underrun vulnerability in the pkwrite function when writing opaque key pairs. This...
Oct 15, 2024A stack buffer overflow vulnerability in Mbed TLS 3.6 allows attackers to execute arbitrary code or cause denial of service when applications directly...
Sep 5, 2024This vulnerability in Trusted Firmware-M allows attackers to read sensitive data through the logging subsystem due to insufficient argument verificati...
Sep 5, 2024A Use After Free vulnerability in Arm Mali GPU kernel drivers allows a local non-privileged user to perform improper GPU memory operations, potentiall...
Aug 5, 2024This CVE describes a memory buffer overflow vulnerability in Arm's Valhall and 5th Gen GPU firmware that allows a local non-privileged user to perform...
Jul 1, 2024A Use After Free vulnerability in Arm's Bifrost and Valhall GPU kernel drivers allows local non-privileged users to access freed memory through improp...
Jun 7, 2024A Use After Free vulnerability in Arm Mali GPU kernel drivers allows a local non-privileged user to perform improper GPU memory operations. On Armv8.0...
May 3, 2024A buffer overflow vulnerability in ARM mbed-os v6.17.0 allows remote attackers to execute arbitrary code via crafted scripts targeting the hciTrSerial...
Apr 19, 2024A malicious client can exploit a stack buffer over-read vulnerability in Mbed TLS 3.3.0 through 3.5.2 to cause information disclosure or denial of ser...
Apr 3, 2024This vulnerability in Mbed TLS and Mbed Crypto allows attackers to potentially access sensitive cryptographic data or cause denial of service through ...
Mar 29, 2024This CVE describes a use-after-free vulnerability in multiple Arm Mali GPU kernel drivers that allows a local non-privileged user to exploit a race co...
Mar 4, 2024A use-after-free vulnerability in Arm Mali GPU kernel drivers allows local non-privileged users to exploit a race condition under heavy system load to...
Mar 4, 2024This CVE describes an out-of-bounds write vulnerability in Arm Mali GPU kernel drivers that allows a local non-privileged user to perform improper GPU...
Feb 5, 2024An integer overflow vulnerability in Mbed TLS's mbedtls_x509_set_extension() function allows attackers to cause denial of service (DoS) by triggering ...
Jan 31, 2024A vulnerability in Mbed TLS 3.5.1 causes persistent handshake denial when a client sends a TLS 1.3 ClientHello message without extensions. This allows...
Jan 21, 2024CVE-2023-4295 is a use-after-free vulnerability in Arm Mali GPU drivers that allows local non-privileged users to access freed memory through improper...
Nov 7, 2023This CVE describes a buffer overflow vulnerability in Mbed TLS versions 2.x before 2.28.5 and 3.x before 3.5.0. Attackers could exploit this to execut...
Oct 7, 2023This CVE describes a buffer overflow vulnerability in Mbed TLS that allows remote attackers to execute arbitrary code on affected systems. It affects ...
Oct 7, 2023CVE-2023-26085 is an out-of-bounds read/write vulnerability in Arm NN Android-NN-Driver due to improper shared memory length validation. This allows a...
Jun 29, 2023This vulnerability in Arm Mali GPU Kernel Driver allows a non-privileged user to perform improper GPU processing operations to access already freed me...
Mar 6, 2023This vulnerability in Mbed TLS allows unauthenticated attackers to send specially crafted DTLS ClientHello messages to servers with specific configura...
Jul 15, 2022This vulnerability in Arm Mali GPU Kernel Driver allows attackers to trigger a use-after-free condition through improper GPU operations, potentially l...
May 19, 2022This vulnerability in Arm Mali GPU kernel drivers allows improper GPU memory operations to reach a use-after-free situation. Attackers can exploit thi...
May 19, 2022This vulnerability in ARM CMSIS RTOS2 allows integer wrap-around in memory allocation functions, potentially leading to arbitrary memory allocation. T...
May 3, 2022This vulnerability in ARM mbed OS 6.3.0 allows attackers to trigger integer wrap-around in memory allocation functions, potentially leading to arbitra...
May 3, 2022This vulnerability in mbed TLS allows attackers to cause a Denial of Service by providing an empty password to the mbedtls_pkcs12_derivation function....
Mar 24, 2022This vulnerability in Arm Mali GPU Kernel Driver allows non-privileged users to write to read-only memory pages, potentially leading to privilege esca...
Mar 3, 2022Why Monitor Arm Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 60+ known vulnerabilities affecting Arm products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Arm packages in under 60 seconds. No agents required - completely agentless scanning that works across Arm deployments.
Free vulnerability database: Access detailed information about every Arm CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Arm CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
