Vulnerability Description
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Armv8-M Firmware | All versions |
| Arm | Armv8-M | - |
Related Weaknesses (CWE)
References
- https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealingVendor Advisory
- https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealingVendor Advisory
FAQ
What is CVE-2020-16273?
CVE-2020-16273 is a vulnerability with a CVSS score of 7.8 (HIGH). In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can ca...
How severe is CVE-2020-16273?
CVE-2020-16273 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16273?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Armv8-M Firmware, Arm Armv8-M.