Overview
- Description
- When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
- Source
- arm-security@arm.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 3.7
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
Weaknesses
- arm-security@arm.com
- CWE-226
Social media
- Hype score
- Not currently trending
CVE-2024-7883 Stack Leak Vulnerability via Floating-Point Registers in Cortex-M CMSE In Arm Cortex-M Security Extensions (CMSE), there's a vulnerability. Secure stack data can leak to Non-secure state. This happe... https://t.co/8ugoCizTOF
@VulmonFeeds
31 Oct 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-7883 When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure f… https://t.co/RC63cNeKzG
@CVEnew
31 Oct 2024
343 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes