CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

PT-2026-47727

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

CVE-2026-33662

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

PT-2026-35055

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.8.0 through 4.10 Description An integer underflow occurs in the emsa pkcs1 v1 5 encode function within the core/drivers/crypto/crypto api/acipher/rsassa.c file. The issue arises when calculating the padding size PS size by...

CVE-2025-54515

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were...

CVE-2025-54515

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were...

PT-2025-47854

The Secure Flag passed to Versal™ Adaptive SoC’s Arm® Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they...

EUVD-2023-45838

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-26670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: entry: fix ARM64WORKAROUNDSPECULATIVEUNPRIVLOAD Currently the ARM64WORKAROUNDSPECULATIVEUNPRIVLOAD workaround isn't quite right, as it is supposed to be...

CVE-2023-41325

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, shdrverifysignature can make a double free. shdrverifysignature used to verify a TA...

CVE-2023-41325

OP-TEE (Trusted Execution Environment) has a double-free condition in shdr_verify_signature across versions 3.20–3.21, triggered during RSA key memory allocation in sw_crypto_acipher_alloc_rsa_public_key when verifying a TA binary signature. The bug can free memory twice (e) due to non-atomic all...

多款Arm产品安全漏洞

ARM Cortex-A and others are products of the British company ARM.ARM Cortex-A is a set of 32-bit and 64-bit RISC ARM processor cores.ARM Neoverse is a high-performance ARM microarchitecture.ARM Cortex-R is a set of 32-bit and 64-bit RISC ARM processor cores. A security vulnerability exists in Arm...

Microsoft Shells Out $100K for IoT Security

Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things IoT that encompasses hardware, OS and cloud elements. The top reward will come in at $100,000. The Azure Sphere Security Research Challenge is an expansion of a program...