Known Vulnerabilities for products from Arm
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Arm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Arm can be found at device.report : Arm
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34877 json | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized S... | Not Provided | 2026-04-02 | 2026-06-05 |
| CVE-2026-34872 json | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory beha... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2026-34871 json | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable ... | Not Provided | 2026-04-01 | 2026-06-05 |
| CVE-2026-25835 json | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | Not Provided | 2026-04-01 | 2026-06-05 |
| CVE-2026-0995 json | An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensu... | Not Provided | 2026-03-02 | 2026-04-20 |
| CVE-2025-66442 json | In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs w... | Not Provided | 2026-04-01 | 2026-04-03 |
| CVE-2025-27810 json | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialize... | Not Provided | 2025-03-25 | 2026-06-05 |
| CVE-2025-27809 json | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrar... | Not Provided | 2025-03-25 | 2026-06-05 |
| CVE-2024-28960 json | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto... | Not Provided | 2024-03-29 | 2026-06-05 |
| CVE-2024-23775 json | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of serv... | Not Provided | 2024-01-31 | 2026-06-05 |
| CVE-2024-23170 json | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private op... | Not Provided | 2024-01-31 | 2026-06-05 |
| CVE-2023-52353 json | 7.5 - HIGH | 2024-01-21 | 2024-01-29 | |
| CVE-2023-43615 json | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | Not Provided | 2023-10-07 | 2026-06-05 |
| CVE-2023-34970 json | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds o... | 4.7 - MEDIUM | 2023-10-03 | 2023-10-05 |
| CVE-2023-33200 json | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system�... | 4.7 - MEDIUM | 2023-10-03 | 2023-10-05 |
| CVE-2023-32804 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-12-04 | 2023-12-07 |
| CVE-2023-28469 json | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations ... | 5.5 - MEDIUM | 2023-06-02 | 2023-06-09 |
| CVE-2023-28147 json | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations ... | 5.5 - MEDIUM | 2023-06-02 | 2023-06-09 |
| CVE-2023-26085 json | A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-N... | 7.8 - HIGH | 2023-06-29 | 2023-07-07 |
| CVE-2023-26084 json | The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM... | 3.7 - LOW | 2023-03-15 | 2023-03-22 |
Known software with vulnerabilities from Arm
| Type | Vendor | Product | Version |
|---|---|---|---|
| Operating System | Arm | Arm-trusted-firmware | 0.2 |
| Hardware | Arm | Arm7 | - |
| Hardware | Arm | Armv8-m | - |
| Operating System | Arm | Armv8-m Firmware | - |
| Application | Arm | Arm Compiler | 5.00 |
| Operating System | Arm | Arm Trusted Firmware | 2.2 |
| Hardware | Arm | Cortex-a | 15 |
| Hardware | Arm | Cortex-a32 | - |
| Operating System | Arm | Cortex-a32 Firmware | - |
| Hardware | Arm | Cortex-a34 | - |
| Operating System | Arm | Cortex-a34 Firmware | - |
| Hardware | Arm | Cortex-a35 | - |
| Operating System | Arm | Cortex-a35 Firmware | - |
| Hardware | Arm | Cortex-a53 | - |
| Operating System | Arm | Cortex-a53 Firmware | - |
| Operating System | Arm | Cortex-a57 Firmware | - |
| Operating System | Arm | Cortex-a72 Firmware | - |
| Operating System | Arm | Cortex-a73 Firmware | - |
| Operating System | Arm | Mbed | 5.0.0 |
| Application | Arm | Mbed-coap | 5.1.5 |