CVE-2024-0151

Опубликовано: 24 апр. 2024

Источник: redhat

CVSS3: 7.9

EPSS Низкий

Описание

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

Arm is aware of a potential software security issue in code that uses Cortex-M Security Extensions (CMSE) and has been compiled with tools that implement Arm v8-M Security Extensions Requirements on Development Tools before version 1.4. This issue potentially allows an attacker who can pass out-of-range values to code executing in a secure state to cause an incorrect operation in a secure state.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-241

https://bugzilla.redhat.com/show_bug.cgi?id=2276906hw: arm: out-of-range values to code executing in Secure state to cause incorrect operation in Secure state

EPSS

Процентиль: 33%

0.00133

Низкий

7.9 High

CVSS3

Связанные уязвимости

CVE-2024-0151

CVSS3: 6.5

nvd

почти 2 года назад

GHSA-gcfv-8g7p-w74j