CVE-2024-7883

low-risk
Published 2024-10-31

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

Do I need to act?

0.37% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (5)

Arm Compiler For Embedded
Arm Compiler For Embedded Fusa
Arm Compiler For Embedded Fusa
Arm Compiler For Functional Safety
Clang

Affected Vendors

Arm
26 / 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 12/34 · Low