Vulnerability Details CVE-2024-7883
When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 3.7
References
Products affected by CVE-2024-7883
-
cpe:2.3:a:arm:arm_compiler_for_embedded:6.17
-
cpe:2.3:a:arm:arm_compiler_for_embedded:6.18
-
cpe:2.3:a:arm:arm_compiler_for_embedded:6.19
-
cpe:2.3:a:arm:arm_compiler_for_embedded:6.20
-
cpe:2.3:a:arm:arm_compiler_for_embedded:6.20.1
-
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16
-
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.21
-
cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6
-
cpe:2.3:a:arm:clang:11.0.0
-
cpe:2.3:a:arm:clang:11.0.1
-
cpe:2.3:a:arm:clang:11.1.0
-
cpe:2.3:a:arm:clang:12.0.0
-
cpe:2.3:a:arm:clang:12.0.1
-
cpe:2.3:a:arm:clang:13.0.0
-
cpe:2.3:a:arm:clang:13.0.1
-
cpe:2.3:a:arm:clang:14.0.0
-
cpe:2.3:a:arm:clang:15.0.0
-
cpe:2.3:a:arm:clang:16.0.0
-
cpe:2.3:a:arm:clang:17.0.1
-
cpe:2.3:a:arm:clang:18.1.0
-
cpe:2.3:a:arm:clang:19.1.0