CVE-2024-7883

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-7883
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7883.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7883
Published
2024-10-31T17:15:14Z
Modified
2025-02-16T11:42:24.848489Z
Summary
[none]
Details

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

Affected packages

Debian:12 / llvm-toolchain-14

Package

Name
llvm-toolchain-14
Purl
pkg:deb/debian/llvm-toolchain-14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:14.*

1:14.0.6-12
1:14.0.6-12+powerpc
1:14.0.6-13
1:14.0.6-14
1:14.0.6-16
1:14.0.6-16.1~exp1
1:14.0.6-16.1
1:14.0.6-17
1:14.0.6-18
1:14.0.6-19
1:14.0.6-20

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / llvm-toolchain-15

Package

Name
llvm-toolchain-15
Purl
pkg:deb/debian/llvm-toolchain-15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:15.*

1:15.0.6-4
1:15.0.6-5~exp1
1:15.0.6-5~exp2
1:15.0.6-5~exp3
1:15.0.7-1
1:15.0.7-1+hurd.1
1:15.0.7-2
1:15.0.7-3
1:15.0.7-4
1:15.0.7-5~exp1
1:15.0.7-5
1:15.0.7-6
1:15.0.7-7
1:15.0.7-8
1:15.0.7-9
1:15.0.7-10
1:15.0.7-10.1~exp1
1:15.0.7-11
1:15.0.7-11.1
1:15.0.7-12
1:15.0.7-13
1:15.0.7-14
1:15.0.7-15
1:15.0.7-15+hurd.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / llvm-toolchain-16

Package

Name
llvm-toolchain-16
Purl
pkg:deb/debian/llvm-toolchain-16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:16.*

1:16.0.0~+rc1-1~exp1
1:16.0.0~+rc2-1~exp1
1:16.0.0~+rc3-1~exp1
1:16.0.0~+rc4-1~exp1
1:16.0.0-1~exp1
1:16.0.0-1~exp2
1:16.0.0-1~exp3
1:16.0.0-1~exp4
1:16.0.0-1~exp5
1:16.0.1-1~exp1
1:16.0.1-1~exp2
1:16.0.2-1~exp1
1:16.0.3-1~exp1
1:16.0.4-1~exp1
1:16.0.5-1~exp1
1:16.0.5-1
1:16.0.6-1
1:16.0.6-2
1:16.0.6-3
1:16.0.6-4
1:16.0.6-5
1:16.0.6-6
1:16.0.6-7
1:16.0.6-8
1:16.0.6-9
1:16.0.6-10
1:16.0.6-11
1:16.0.6-12
1:16.0.6-13
1:16.0.6-14
1:16.0.6-15~deb11u1
1:16.0.6-15~deb11u2
1:16.0.6-15~deb12u1
1:16.0.6-15
1:16.0.6-15exp1
1:16.0.6-15+x32
1:16.0.6-16
1:16.0.6-17
1:16.0.6-17exp1
1:16.0.6-18
1:16.0.6-19
1:16.0.6-19.1~exp1
1:16.0.6-20
1:16.0.6-21
1:16.0.6-22
1:16.0.6-23
1:16.0.6-24
1:16.0.6-25
1:16.0.6-26
1:16.0.6-27
1:16.0.6-27+hurd.1
1:16.0.6-27+x32

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / llvm-toolchain-16

Package

Name
llvm-toolchain-16
Purl
pkg:deb/debian/llvm-toolchain-16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:16.*

1:16.0.0~+rc1-1~exp1
1:16.0.0~+rc2-1~exp1
1:16.0.0~+rc3-1~exp1
1:16.0.0~+rc4-1~exp1
1:16.0.0-1~exp1
1:16.0.0-1~exp2
1:16.0.0-1~exp3
1:16.0.0-1~exp4
1:16.0.0-1~exp5
1:16.0.1-1~exp1
1:16.0.1-1~exp2
1:16.0.2-1~exp1
1:16.0.3-1~exp1
1:16.0.4-1~exp1
1:16.0.5-1~exp1
1:16.0.5-1
1:16.0.6-1
1:16.0.6-2
1:16.0.6-3
1:16.0.6-4
1:16.0.6-5
1:16.0.6-6
1:16.0.6-7
1:16.0.6-8
1:16.0.6-9
1:16.0.6-10
1:16.0.6-11
1:16.0.6-12
1:16.0.6-13
1:16.0.6-14
1:16.0.6-15~deb11u1
1:16.0.6-15~deb11u2
1:16.0.6-15~deb12u1
1:16.0.6-15
1:16.0.6-15exp1
1:16.0.6-15+x32
1:16.0.6-16
1:16.0.6-17
1:16.0.6-17exp1
1:16.0.6-18
1:16.0.6-19
1:16.0.6-19.1~exp1
1:16.0.6-20
1:16.0.6-21
1:16.0.6-22
1:16.0.6-23
1:16.0.6-24
1:16.0.6-25
1:16.0.6-26
1:16.0.6-27
1:16.0.6-27+hurd.1
1:16.0.6-27+x32

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / llvm-toolchain-17

Package

Name
llvm-toolchain-17
Purl
pkg:deb/debian/llvm-toolchain-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:17.*

1:17.0.0~+rc2-1~exp1
1:17.0.0~+rc3-1~exp1
1:17.0.0~+rc4-1~exp1
1:17.0.0~+rc4-1~exp2
1:17.0.0~+rc4-1~exp3
1:17.0.0~+rc4-1~exp4
1:17.0.0~+rc4-1~exp5
1:17.0.1-1~exp1
1:17.0.1-1~exp2
1:17.0.2-1~exp1
1:17.0.3-1~exp1
1:17.0.4-1
1:17.0.5-1
1:17.0.6-1
1:17.0.6-2
1:17.0.6-3
1:17.0.6-4
1:17.0.6-5
1:17.0.6-5.1~exp1
1:17.0.6-6
1:17.0.6-7
1:17.0.6-9
1:17.0.6-9+powerpc.1
1:17.0.6-10
1:17.0.6-11
1:17.0.6-11+hurd.1
1:17.0.6-12
1:17.0.6-12+x32
1:17.0.6-13
1:17.0.6-14
1:17.0.6-15
1:17.0.6-17
1:17.0.6-18
1:17.0.6-19
1:17.0.6-20
1:17.0.6-21

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / llvm-toolchain-18

Package

Name
llvm-toolchain-18
Purl
pkg:deb/debian/llvm-toolchain-18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:18.*

1:18.1.0~rc1-1
1:18.1.0~rc1-2
1:18.1.0~rc1-3
1:18.1.0~rc2-1
1:18.1.0~rc2-2
1:18.1.0~rc2-3
1:18.1.0~rc2-4
1:18.1.0~rc4-1
1:18.1.0~rc4-2
1:18.1.0~++20240126095841+0991d3c7b53d-1~exp1
1:18.1.0-1
1:18.1.0-1+powerpc
1:18.1.0-2
1:18.1.0-rc1-1~exp1
1:18.1.1-1
1:18.1.2-1
1:18.1.3-1
1:18.1.4-1
1:18.1.5-1
1:18.1.5-2
1:18.1.5-3
1:18.1.6-1
1:18.1.6-1+x32
1:18.1.7-1
1:18.1.8-1
1:18.1.8-2~exp1
1:18.1.8-2~exp2
1:18.1.8-2
1:18.1.8-3
1:18.1.8-4
1:18.1.8-5
1:18.1.8-6
1:18.1.8-7
1:18.1.8-8
1:18.1.8-9
1:18.1.8-9+hurd.1
1:18.1.8-10
1:18.1.8-11
1:18.1.8-12
1:18.1.8-12+powerpc
1:18.1.8-13
1:18.1.8-14
1:18.1.8-15
1:18.1.8-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / llvm-toolchain-19

Package

Name
llvm-toolchain-19
Purl
pkg:deb/debian/llvm-toolchain-19?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:19.*

1:19.1.0~++20240724103243+7af27be6633a-1~exp1
1:19.1.0~++rc2-1~exp1
1:19.1.0~++rc3-1~exp1
1:19.1.0~++rc3-1
1:19.1.0~++rc3-2
1:19.1.0~++rc4-1
1:19.1.0~++rc4-2
1:19.1.0~++rc4-3
1:19.1.0~++rc4-4
1:19.1.0~++rc4-5
1:19.1.0-1
1:19.1.0-2
1:19.1.0-3
1:19.1.0-3.1
1:19.1.0-4
1:19.1.1-1
1:19.1.1-1+powerpc
1:19.1.2-1
1:19.1.2-1+hurd.1
1:19.1.2-1+hurd.2
1:19.1.2-1+powerpc
1:19.1.2-1+powerpc.1
1:19.1.2-2
1:19.1.3-1
1:19.1.3-2
1:19.1.4-1~deb12u1
1:19.1.4-1
1:19.1.5-1
1:19.1.6-1
1:19.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / llvm-toolchain-19

Package

Name
llvm-toolchain-19
Purl
pkg:deb/debian/llvm-toolchain-19?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:19.*

1:19.1.0~++20240724103243+7af27be6633a-1~exp1
1:19.1.0~++rc2-1~exp1
1:19.1.0~++rc3-1~exp1
1:19.1.0~++rc3-1
1:19.1.0~++rc3-2
1:19.1.0~++rc4-1
1:19.1.0~++rc4-2
1:19.1.0~++rc4-3
1:19.1.0~++rc4-4
1:19.1.0~++rc4-5
1:19.1.0-1
1:19.1.0-2
1:19.1.0-3
1:19.1.0-3.1
1:19.1.0-4
1:19.1.1-1
1:19.1.1-1+powerpc
1:19.1.2-1
1:19.1.2-1+hurd.1
1:19.1.2-1+hurd.2
1:19.1.2-1+powerpc
1:19.1.2-1+powerpc.1
1:19.1.2-2
1:19.1.3-1
1:19.1.3-2
1:19.1.4-1~deb12u1
1:19.1.4-1
1:19.1.5-1
1:19.1.6-1
1:19.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}