UBUNTU-CVE-2024-7883

Source
https://ubuntu.com/security/CVE-2024-7883
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7883.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-7883
Related
Published
2024-10-31T17:15:00Z
Modified
2025-01-29T16:32:55Z
Summary
[none]
Details

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

References

Affected packages

Ubuntu:20.04:LTS / llvm-toolchain-11

Package

Name
llvm-toolchain-11
Purl
pkg:deb/ubuntu/llvm-toolchain-11@1:11.0.0-2~ubuntu20.04.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:11.*

1:11.0.0-2~ubuntu20.04.1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:20.04:LTS / llvm-toolchain-12

Package

Name
llvm-toolchain-12
Purl
pkg:deb/ubuntu/llvm-toolchain-12@1:12.0.0-3ubuntu1~20.04.5?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:12.*

1:12.0.0-3ubuntu1~20.04.3
1:12.0.0-3ubuntu1~20.04.4
1:12.0.0-3ubuntu1~20.04.5

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:20.04:LTS / llvm-toolchain-18

Package

Name
llvm-toolchain-18
Purl
pkg:deb/ubuntu/llvm-toolchain-18@1:18.1.8-11~20.04.2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:18.*

1:18.1.8-11~20.04.2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:22.04:LTS / llvm-toolchain-11

Package

Name
llvm-toolchain-11
Purl
pkg:deb/ubuntu/llvm-toolchain-11@1:11.1.0-6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:11.*

1:11.0.1-2ubuntu5
1:11.1.0-6

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:22.04:LTS / llvm-toolchain-12

Package

Name
llvm-toolchain-12
Purl
pkg:deb/ubuntu/llvm-toolchain-12@1:12.0.1-19ubuntu3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:12.*

1:12.0.1-8build1
1:12.0.1-16
1:12.0.1-19ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:22.04:LTS / llvm-toolchain-13

Package

Name
llvm-toolchain-13
Purl
pkg:deb/ubuntu/llvm-toolchain-13@1:13.0.1-2ubuntu2.2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.0.0-2
1:13.0.0-9
1:13.0.1-2ubuntu1
1:13.0.1-2ubuntu2
1:13.0.1-2ubuntu2.1
1:13.0.1-2ubuntu2.2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:22.04:LTS / llvm-toolchain-14

Package

Name
llvm-toolchain-14
Purl
pkg:deb/ubuntu/llvm-toolchain-14@1:14.0.0-1ubuntu1.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:14.*

1:14.0.0~+rc1-1
1:14.0.0~+rc1-1ubuntu4
1:14.0.0~+rc4-1ubuntu1
1:14.0.0-1ubuntu1
1:14.0.0-1ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:22.04:LTS / llvm-toolchain-15

Package

Name
llvm-toolchain-15
Purl
pkg:deb/ubuntu/llvm-toolchain-15@1:15.0.7-0ubuntu0.22.04.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:15.*

1:15.0.6-3~ubuntu0.22.04.2
1:15.0.7-0ubuntu0.22.04.1
1:15.0.7-0ubuntu0.22.04.2
1:15.0.7-0ubuntu0.22.04.3

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-14

Package

Name
llvm-toolchain-14
Purl
pkg:deb/ubuntu/llvm-toolchain-14@1:14.0.6-20?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:14.*

1:14.0.6-19build4
1:14.0.6-20

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-15

Package

Name
llvm-toolchain-15
Purl
pkg:deb/ubuntu/llvm-toolchain-15@1:15.0.7-15?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:15.*

1:15.0.7-14build3
1:15.0.7-15

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-16

Package

Name
llvm-toolchain-16
Purl
pkg:deb/ubuntu/llvm-toolchain-16@1:16.0.6-27?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.0.6-23ubuntu4
1:16.0.6-27

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-17

Package

Name
llvm-toolchain-17
Purl
pkg:deb/ubuntu/llvm-toolchain-17@1:17.0.6-18?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:17.*

1:17.0.6-9ubuntu1
1:17.0.6-12
1:17.0.6-15
1:17.0.6-18

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-18

Package

Name
llvm-toolchain-18
Purl
pkg:deb/ubuntu/llvm-toolchain-18@1:18.1.8-11?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:18.*

1:18.1.3-1
1:18.1.6-1
1:18.1.7-1
1:18.1.8-1
1:18.1.8-4ubuntu1
1:18.1.8-9ubuntu1
1:18.1.8-11

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.10 / llvm-toolchain-19

Package

Name
llvm-toolchain-19
Purl
pkg:deb/ubuntu/llvm-toolchain-19@1:19.1.1-1ubuntu1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:19.*

1:19.1.0~++rc2-1~exp1
1:19.1.0~++rc3-1~exp1ubuntu2
1:19.1.0~++rc3-1~exp2ubuntu5
1:19.1.0~++rc3-1~exp2ubuntu6
1:19.1.0~++rc4-5ubuntu1
1:19.1.0-1ubuntu1
1:19.1.0-4ubuntu1
1:19.1.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-14

Package

Name
llvm-toolchain-14
Purl
pkg:deb/ubuntu/llvm-toolchain-14@1:14.0.6-19build4?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:14.*

1:14.0.6-16
1:14.0.6-16build1
1:14.0.6-16build2
1:14.0.6-19build2
1:14.0.6-19build4

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-15

Package

Name
llvm-toolchain-15
Purl
pkg:deb/ubuntu/llvm-toolchain-15@1:15.0.7-14build3?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:15.*

1:15.0.7-10
1:15.0.7-10build1
1:15.0.7-10build2
1:15.0.7-10ubuntu1
1:15.0.7-11
1:15.0.7-14build1
1:15.0.7-14build3

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-16

Package

Name
llvm-toolchain-16
Purl
pkg:deb/ubuntu/llvm-toolchain-16@1:16.0.6-23ubuntu4?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.0.6-15
1:16.0.6-18
1:16.0.6-19
1:16.0.6-19build1
1:16.0.6-23ubuntu1
1:16.0.6-23ubuntu3
1:16.0.6-23ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-17

Package

Name
llvm-toolchain-17
Purl
pkg:deb/ubuntu/llvm-toolchain-17@1:17.0.6-9ubuntu1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:17.*

1:17.0.2-1~exp1ubuntu2.1
1:17.0.5-1ubuntu1
1:17.0.5-1ubuntu2
1:17.0.6-2
1:17.0.6-3
1:17.0.6-5build1
1:17.0.6-9build2
1:17.0.6-9build3
1:17.0.6-9ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-18

Package

Name
llvm-toolchain-18
Purl
pkg:deb/ubuntu/llvm-toolchain-18@1:18.1.3-1ubuntu1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:18.*

1:18.1.0~rc1-1
1:18.1.0~rc2-3
1:18.1.0~rc2-4
1:18.1.0~++20240126095841+0991d3c7b53d-1~exp1
1:18.1.2-1ubuntu2
1:18.1.2-1ubuntu3
1:18.1.3-1
1:18.1.3-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}

Ubuntu:24.04:LTS / llvm-toolchain-19

Package

Name
llvm-toolchain-19
Purl
pkg:deb/ubuntu/llvm-toolchain-19@1:19.1.1-1ubuntu1~24.04.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:19.*

1:19.1.1-1ubuntu1~24.04.2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Doesn't affect the default build flags in Ubuntu"
}