3.7

CVE-2024-7883

When using Arm Cortex-M Security Extensions (CMSE), Secure stack 
contents can be leaked to Non-secure state via floating-point registers 
when a Secure to Non-secure function call is made that returns a 
floating-point value and when this is the first use of floating-point 
since entering Secure state. This allows an attacker to read a limited 
quantity of Secure stack contents with an impact on confidentiality. 
This issue is specific to code generated using LLVM-based compilers.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArm Ltd
Produkt Arm Compiler for Embedded
Default Statusunaffected
Version <= 6.22
Version 6.6
Status affected
HerstellerArm Ltd
Produkt Arm Compiler for Embedded FuSa 6.16LTS
Default Statusaffected
Version All versions
Status affected
HerstellerArm Ltd
Produkt Arm Compiler for Embedded FuSa 6.21
Default Statusaffected
Version All versions
Status affected
HerstellerArm Ltd
Produkt Arm Compiler for Functional Safety 6.6
Default Statusaffected
Version All versions
Status affected
HerstellerArm Ltd
Produkt CLang
Default Statusunaffected
Version <= 19
Version 13
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.261
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
arm-security@arm.com 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-226 Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.