Vulnerability Description
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Arm Compiler For Embedded | >= 6.6, < 6.23 |
| Arm | Arm Compiler For Embedded Fusa | 6.16 |
| Arm | Arm Compiler For Functional Safety | 6.6 |
| Arm | Clang | >= 11.0.0, < 20.1.0 |
Related Weaknesses (CWE)
References
- https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20ExtensioExploitVendor Advisory
FAQ
What is CVE-2024-7883?
CVE-2024-7883 is a vulnerability with a CVSS score of 3.7 (LOW). When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that return...
How severe is CVE-2024-7883?
CVE-2024-7883 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-7883?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Arm Compiler For Embedded, Arm Arm Compiler For Embedded Fusa, Arm Arm Compiler For Functional Safety, Arm Clang.