CVE-2024-7883

LOW
Published Oct 31, 2024 Modified Dec 23, 2025 CWE-226

Description

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

CVSS v3.1 Score

3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness Type (CWE)

CWE-226 CWE-226

Affected Products

Vendor Product
arm arm_compiler_for_embedded
arm arm_compiler_for_embedded_fusa
arm arm_compiler_for_embedded_fusa
arm arm_compiler_for_functional_safety
arm clang

References

Frequently Asked Questions

What is CVE-2024-7883? +
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. It has a CVSS v3.1 base score of 3.7 (LOW).
How severe is CVE-2024-7883? +
CVE-2024-7883 has a CVSS v3.1 score of 3.7 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-7883? +
CVE-2024-7883 affects products from arm, specifically: arm_compiler_for_embedded, arm_compiler_for_embedded_fusa, arm_compiler_for_functional_safety, clang. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-7883? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-7883 — free, no signup required.

Start Free Scan