CVE-2024-7883

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arm:arm_compiler_for_embedded::::::::
	cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16::::lts:::
	cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.21::::lts:::
	cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6:::::::*
	cpe:2.3:a:arm:clang::::::::

History

No history.

Information

Published : 2024-10-31 17:15

Updated : 2025-12-23 15:30

NVD link : CVE-2024-7883

Mitre link : CVE-2024-7883

CVE.ORG link : CVE-2024-7883

JSON object : View

Products Affected

arm

arm_compiler_for_embedded
clang
arm_compiler_for_embedded_fusa
arm_compiler_for_functional_safety

CWE

CWE-226

Sensitive Information in Resource Not Removed Before Reuse

{"id": "CVE-2024-7883", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "arm-security@arm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2024-10-31T17:15:14.013", "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability", "tags": ["Vendor Advisory", "Exploit"], "source": "arm-security@arm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "arm-security@arm.com", "description": [{"lang": "en", "value": "CWE-226"}]}], "descriptions": [{"lang": "en", "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."}, {"lang": "es", "value": "Al utilizar las extensiones de seguridad Arm Cortex-M (CMSE), el contenido de la pila segura puede filtrarse al estado no seguro a trav\u00e9s de registros de punto flotante cuando se realiza una llamada de funci\u00f3n de seguro a no seguro que devuelve un valor de punto flotante y cuando este es el primer uso del punto flotante desde que se ingresa al estado seguro. Esto permite que un atacante lea una cantidad limitada de contenido de la pila segura con un impacto en la confidencialidad. Este problema es espec\u00edfico del c\u00f3digo generado mediante compiladores basados ??en LLVM."}], "lastModified": "2025-12-23T15:30:31.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD47BCD-A63A-416B-9441-0C8150B78DBA", "versionEndExcluding": "6.23", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "27EF772A-BF7D-487A-9B34-6521220068F0"}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.21:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "C00CD65D-11D2-4EEA-B3A5-B57A3E61943E"}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E56C6F5A-5EA7-42F8-958D-9B02944C57BB"}, {"criteria": "cpe:2.3:a:arm:clang:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E5FA179-8BC7-4A97-8F44-638F7777665E", "versionEndExcluding": "20.1.0", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "arm-security@arm.com"}