CVE-2024-7883 (GCVE-0-2024-7883)
Vulnerability from cvelistv5
Published
2024-10-31 17:01
Modified
2024-10-31 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Summary
When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Arm Ltd | Arm Compiler for Embedded |
Version: 6.6 ≤ 6.22 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T17:53:14.089857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:53:36.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arm Compiler for Embedded",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "6.23",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.22",
"status": "affected",
"version": "6.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"ARM"
],
"product": "Arm Compiler for Embedded FuSa 6.16LTS",
"vendor": "Arm Ltd",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "affected",
"product": "Arm Compiler for Embedded FuSa 6.21",
"vendor": "Arm Ltd",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"ARM"
],
"product": "Arm Compiler for Functional Safety 6.6",
"vendor": "Arm Ltd",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"ARM"
],
"product": "CLang",
"vendor": "Arm Ltd",
"versions": [
{
"changes": [
{
"at": "20",
"status": "unaffected"
}
],
"lessThanOrEqual": "19",
"status": "affected",
"version": "13",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-31T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."
}
],
"value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:01:49.725Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Recompile affected code using a fixed compiler.\n\n\u003cbr\u003e"
}
],
"value": "Recompile affected code using a fixed compiler."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "CMSE secure state may leak from stack to floating-point registers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2024-7883",
"datePublished": "2024-10-31T17:01:49.725Z",
"dateReserved": "2024-08-16T15:09:09.866Z",
"dateUpdated": "2024-10-31T17:53:36.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-7883\",\"sourceIdentifier\":\"arm-security@arm.com\",\"published\":\"2024-10-31T17:15:14.013\",\"lastModified\":\"2024-11-01T12:57:03.417\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When using Arm Cortex-M Security Extensions (CMSE), Secure stack \\ncontents can be leaked to Non-secure state via floating-point registers \\nwhen a Secure to Non-secure function call is made that returns a \\nfloating-point value and when this is the first use of floating-point \\nsince entering Secure state. This allows an attacker to read a limited \\nquantity of Secure stack contents with an impact on confidentiality. \\nThis issue is specific to code generated using LLVM-based compilers.\"},{\"lang\":\"es\",\"value\":\"Al utilizar las extensiones de seguridad Arm Cortex-M (CMSE), el contenido de la pila segura puede filtrarse al estado no seguro a trav\u00e9s de registros de punto flotante cuando se realiza una llamada de funci\u00f3n de seguro a no seguro que devuelve un valor de punto flotante y cuando este es el primer uso del punto flotante desde que se ingresa al estado seguro. Esto permite que un atacante lea una cantidad limitada de contenido de la pila segura con un impacto en la confidencialidad. Este problema es espec\u00edfico del c\u00f3digo generado mediante compiladores basados ??en LLVM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"arm-security@arm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"arm-security@arm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-226\"}]}],\"references\":[{\"url\":\"https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability\",\"source\":\"arm-security@arm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7883\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-31T17:53:14.089857Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-31T17:53:22.080Z\"}}], \"cna\": {\"title\": \"CMSE secure state may leak from stack to floating-point registers\", \"source\": {\"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arm Ltd\", \"product\": \"Arm Compiler for Embedded\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"6.23\", \"status\": \"unaffected\"}], \"version\": \"6.6\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.22\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arm Ltd\", \"product\": \"Arm Compiler for Embedded FuSa 6.16LTS\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"platforms\": [\"Windows\", \"Linux\", \"ARM\"], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Arm Ltd\", \"product\": \"Arm Compiler for Embedded FuSa 6.21\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Arm Ltd\", \"product\": \"Arm Compiler for Functional Safety 6.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"platforms\": [\"Windows\", \"Linux\", \"ARM\"], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Arm Ltd\", \"product\": \"CLang\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"20\", \"status\": \"unaffected\"}], \"version\": \"13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19\"}], \"platforms\": [\"Windows\", \"Linux\", \"ARM\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Recompile affected code using a fixed compiler.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Recompile affected code using a fixed compiler.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-10-31T16:00:00.000Z\", \"references\": [{\"url\": \"https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When using Arm Cortex-M Security Extensions (CMSE), Secure stack \\ncontents can be leaked to Non-secure state via floating-point registers \\nwhen a Secure to Non-secure function call is made that returns a \\nfloating-point value and when this is the first use of floating-point \\nsince entering Secure state. This allows an attacker to read a limited \\nquantity of Secure stack contents with an impact on confidentiality. \\nThis issue is specific to code generated using LLVM-based compilers.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"When using Arm Cortex-M Security Extensions (CMSE), Secure stack \\ncontents can be leaked to Non-secure state via floating-point registers \\nwhen a Secure to Non-secure function call is made that returns a \\nfloating-point value and when this is the first use of floating-point \\nsince entering Secure state. This allows an attacker to read a limited \\nquantity of Secure stack contents with an impact on confidentiality. \\nThis issue is specific to code generated using LLVM-based compilers.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-226\", \"description\": \"CWE-226 Sensitive Information in Resource Not Removed Before Reuse\"}]}], \"providerMetadata\": {\"orgId\": \"56a131ea-b967-4a0d-a41e-5f3549952846\", \"shortName\": \"Arm\", \"dateUpdated\": \"2024-10-31T17:01:49.725Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-7883\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-31T17:53:36.751Z\", \"dateReserved\": \"2024-08-16T15:09:09.866Z\", \"assignerOrgId\": \"56a131ea-b967-4a0d-a41e-5f3549952846\", \"datePublished\": \"2024-10-31T17:01:49.725Z\", \"assignerShortName\": \"Arm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…