3.7

CVE-2024-7883

When using Arm Cortex-M Security Extensions (CMSE), Secure stack 
contents can be leaked to Non-secure state via floating-point registers 
when a Secure to Non-secure function call is made that returns a 
floating-point value and when this is the first use of floating-point 
since entering Secure state. This allows an attacker to read a limited 
quantity of Secure stack contents with an impact on confidentiality. 
This issue is specific to code generated using LLVM-based compilers.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorArm Ltd
Product Arm Compiler for Embedded
Default Statusunaffected
Version <= 6.22
Version 6.6
Status affected
VendorArm Ltd
Product Arm Compiler for Embedded FuSa 6.16LTS
Default Statusaffected
Version All versions
Status affected
VendorArm Ltd
Product Arm Compiler for Embedded FuSa 6.21
Default Statusaffected
Version All versions
Status affected
VendorArm Ltd
Product Arm Compiler for Functional Safety 6.6
Default Statusaffected
Version All versions
Status affected
VendorArm Ltd
Product CLang
Default Statusunaffected
Version <= 19
Version 13
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.297
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
arm-security@arm.com 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-226 Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.