Description

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

INFO

Published Date :

2024-10-31T17:01:49.725Z

Last Modified :

2024-10-31T17:53:36.751Z

Source :

Arm
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7883 vulnerability.

Vendors Products
Arm
  • Arm Compiler For Embedded
  • Arm Compiler For Embedded Fusa
  • Arm Compiler For Functional Safety
  • Clang
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7883.

URL Resource
https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-7883 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-7883 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact