CVE-2024-7883

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7883

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7883.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7883

Downstream

BELL-CVE-2024-7883

DEBIAN-CVE-2024-7883

UBUNTU-CVE-2024-7883

Published

2024-10-31T17:15:14Z

Modified

2025-09-11T09:01:40Z

Summary

[none]

Details

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

References

https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability

CVE-2024-7883

Affected packages