Arm: >> Arm Compiler For Embedded Fusa Security Vulnerabilities
When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
CVSS Score
3.7
EPSS Score
0.003
Published
2024-10-31
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-27
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-27