We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-7883

CMSE secure state may leak from stack to floating-point registers



Description

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

Reserved 2024-08-16 | Published 2024-10-31 | Updated 2024-10-31 | Assigner Arm


LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-226 Sensitive Information in Resource Not Removed Before Reuse

Product status

Default status
unaffected

6.6
affected

Default status
affected

All versions
affected

Default status
affected

All versions
affected

Default status
affected

All versions
affected

Default status
unaffected

13
affected

References

developer.arm.com/...tex-M Security Extensions Vulnerability

cve.org (CVE-2024-7883)

nvd.nist.gov (CVE-2024-7883)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-7883

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.