When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
References
Configurations
No configuration.
History
31 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-31 17:15
Updated : 2024-11-01 12:57
NVD link : CVE-2024-7883
Mitre link : CVE-2024-7883
CVE.ORG link : CVE-2024-7883
JSON object : View
Products Affected
No product.
CWE
CWE-226
Sensitive Information in Resource Not Removed Before Reuse