CVE-2024-7883
LOWDescription
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| arm | arm_compiler_for_embedded |
| arm | arm_compiler_for_embedded_fusa |
| arm | arm_compiler_for_embedded_fusa |
| arm | arm_compiler_for_functional_safety |
| arm | clang |
References
Frequently Asked Questions
What is CVE-2024-7883? +
How severe is CVE-2024-7883? +
What products are affected by CVE-2024-7883? +
How do I check if I'm vulnerable to CVE-2024-7883? +
Related Vulnerabilities
Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of …
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be …
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed …
The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). …
Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow …
wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue …