Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-7883

Опубликовано: 31 окт. 2024
Источник: nvd
CVSS3: 3.7
EPSS Низкий

Описание

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arm:arm_compiler_for_embedded:*:*:*:*:*:*:*:*
Версия от 6.6 (включая) до 6.23 (исключая)
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.21:*:*:*:lts:*:*:*
cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6:*:*:*:*:*:*:*
cpe:2.3:a:arm:clang:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 20.1.0 (исключая)

EPSS

Процентиль: 50%
0.00271
Низкий

3.7 Low

CVSS3

Дефекты

CWE-226

Связанные уязвимости

ubuntu логотип

CVE-2024-7883

CVSS3: 3.7
ubuntu
больше 1 года назад

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

redhat логотип

CVE-2024-7883

CVSS3: 3.7
redhat
больше 1 года назад

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

msrc логотип

CVE-2024-7883

CVSS3: 3.7
msrc
10 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-7883

CVSS3: 3.7
debian
больше 1 года назад

When using Arm Cortex-M Security Extensions (CMSE), Secure stack cont ...

github логотип

GHSA-vwj9-2733-p4wv

CVSS3: 3.7
github
больше 1 года назад

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

EPSS

Процентиль: 50%
0.00271
Низкий

3.7 Low

CVSS3

Дефекты

CWE-226