Browse all 41 CVE security advisories affecting Arm Ltd. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arm Ltd designs processor architectures and intellectual property licenses widely used in mobile devices, IoT, and automotive systems. Its core business involves providing the foundational hardware logic that powers billions of global devices rather than manufacturing end-user products. Historically, vulnerabilities in Arm components have frequently involved memory corruption issues, such as buffer overflows and use-after-free errors, which often lead to remote code execution or privilege escalation. These flaws typically arise in low-level system software, hypervisors, or cryptographic libraries integrated with Arm cores. While major public incidents are less common than in consumer software due to the embedded nature of the technology, security researchers regularly identify critical flaws in Arm’s cryptographic implementations and kernel interfaces. The current record of 41 CVEs reflects ongoing efforts to secure these foundational components against sophisticated attacks targeting the hardware-software boundary.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-5427 | Mali GPU Kernel Driver allows improper GPU processing operations — Bifrost GPU Kernel DriverCWE-416 | 7.8 | - | 2023-12-01 |
| CVE-2023-4295 | Mali GPU Kernel Driver allows improper GPU memory processing operations — Valhall GPU Kernel DriverCWE-190 | 7.8 | - | 2023-11-07 |
| CVE-2023-3889 | Mali GPU Kernel Driver exposes sensitive data from freed memory — Valhall GPU Kernel DriverCWE-119 | 7.8 | - | 2023-11-07 |
| CVE-2023-4272 | Mali GPU Kernel Driver exposes sensitive data from freed memory — Midgard GPU Kernel DriverCWE-1251 | 5.5 | - | 2023-11-07 |
| CVE-2023-34970 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations — Valhall GPU Kernel DriverCWE-416 | 6.3 | - | 2023-10-03 |
| CVE-2023-33200 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations — Bifrost GPU Kernel DriverCWE-416 | 7.0 | - | 2023-10-03 |
| CVE-2023-4211 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations — Midgard GPU Kernel DriverCWE-416 | 7.8 | - | 2023-10-01 |
| CVE-2023-4039 | GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64 — Arm GNU ToolchainCWE-693 | 4.8 | Medium | 2023-09-13 |
| CVE-2022-43703 | Incomplete verification of installation file signature — Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)CWE-427 | 7.1 | - | 2023-07-27 |
| CVE-2022-43702 | Incomplete verification of installation file signature — Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)CWE-284 | 7.8 | - | 2023-07-27 |
| CVE-2022-43701 | Insecure directory permissions on installer files — Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)CWE-276 | 8.4 | - | 2023-07-27 |
This page lists every published CVE security advisory associated with Arm Ltd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.