CVE-2024-7883 — Sensitive Information in Resource Not Removed Before Reuse in Llvm-toolchain-14
Severity
3.7LOWNVD
EPSS
0.4%
top 41.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 31
Description
When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure to Non-secure function call is made that returns a
floating-point value and when this is the first use of floating-point
since entering Secure state. This allows an attacker to read a limited
quantity of Secure stack contents with an impact on confidentiality.
This issue is specific to code generated using LLVM-based compilers.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4
Affected Packages16 packages
🔴Vulnerability Details
2GHSA▶
GHSA-vwj9-2733-p4wv: When using Arm Cortex-M Security Extensions (CMSE), Secure stack
contents can be leaked to Non-secure state via floating-point registers
when a Secure↗2024-10-31
OSV▶
CVE-2024-7883: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure↗2024-10-31
📋Vendor Advisories
3Debian▶
CVE-2024-7883: llvm-toolchain-14 - When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can b...↗2024