{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7883", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2024-08-16T15:09:09.866Z", "datePublished": "2024-10-31T17:01:49.725Z", "dateUpdated": "2024-10-31T17:53:36.751Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arm Compiler for Embedded", "vendor": "Arm Ltd", "versions": [{"changes": [{"at": "6.23", "status": "unaffected"}], "lessThanOrEqual": "6.22", "status": "affected", "version": "6.6", "versionType": "semver"}]}, {"defaultStatus": "affected", "platforms": ["Windows", "Linux", "ARM"], "product": "Arm Compiler for Embedded FuSa 6.16LTS", "vendor": "Arm Ltd", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "affected", "product": "Arm Compiler for Embedded FuSa 6.21", "vendor": "Arm Ltd", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "affected", "platforms": ["Windows", "Linux", "ARM"], "product": "Arm Compiler for Functional Safety 6.6", "vendor": "Arm Ltd", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows", "Linux", "ARM"], "product": "CLang", "vendor": "Arm Ltd", "versions": [{"changes": [{"at": "20", "status": "unaffected"}], "lessThanOrEqual": "19", "status": "affected", "version": "13", "versionType": "semver"}]}], "datePublic": "2024-10-31T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."}], "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-226", "description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2024-10-31T17:01:49.725Z"}, "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Recompile affected code using a fixed compiler.\n\n<br>"}], "value": "Recompile affected code using a fixed compiler."}], "source": {"discovery": "INTERNAL"}, "title": "CMSE secure state may leak from stack to floating-point registers", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-31T17:53:14.089857Z", "id": "CVE-2024-7883", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T17:53:36.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7883", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-31T17:53:14.089857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T17:53:22.080Z"}}], "cna": {"title": "CMSE secure state may leak from stack to floating-point registers", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arm Ltd", "product": "Arm Compiler for Embedded", "versions": [{"status": "affected", "changes": [{"at": "6.23", "status": "unaffected"}], "version": "6.6", "versionType": "semver", "lessThanOrEqual": "6.22"}], "defaultStatus": "unaffected"}, {"vendor": "Arm Ltd", "product": "Arm Compiler for Embedded FuSa 6.16LTS", "versions": [{"status": "affected", "version": "All versions"}], "platforms": ["Windows", "Linux", "ARM"], "defaultStatus": "affected"}, {"vendor": "Arm Ltd", "product": "Arm Compiler for Embedded FuSa 6.21", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "affected"}, {"vendor": "Arm Ltd", "product": "Arm Compiler for Functional Safety 6.6", "versions": [{"status": "affected", "version": "All versions"}], "platforms": ["Windows", "Linux", "ARM"], "defaultStatus": "affected"}, {"vendor": "Arm Ltd", "product": "CLang", "versions": [{"status": "affected", "changes": [{"at": "20", "status": "unaffected"}], "version": "13", "versionType": "semver", "lessThanOrEqual": "19"}], "platforms": ["Windows", "Linux", "ARM"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Recompile affected code using a fixed compiler.", "supportingMedia": [{"type": "text/html", "value": "Recompile affected code using a fixed compiler.\n\n<br>", "base64": false}]}], "datePublic": "2024-10-31T16:00:00.000Z", "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers.", "supportingMedia": [{"type": "text/html", "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2024-10-31T17:01:49.725Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7883", "state": "PUBLISHED", "dateUpdated": "2024-10-31T17:53:36.751Z", "dateReserved": "2024-08-16T15:09:09.866Z", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "datePublished": "2024-10-31T17:01:49.725Z", "assignerShortName": "Arm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DD47BCD-A63A-416B-9441-0C8150B78DBA", "versionEndExcluding": "6.23", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*", "matchCriteriaId": "27EF772A-BF7D-487A-9B34-6521220068F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.21:*:*:*:lts:*:*:*", "matchCriteriaId": "C00CD65D-11D2-4EEA-B3A5-B57A3E61943E", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E56C6F5A-5EA7-42F8-958D-9B02944C57BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:clang:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E5FA179-8BC7-4A97-8F44-638F7777665E", "versionEndExcluding": "20.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."}, {"lang": "es", "value": "Al utilizar las extensiones de seguridad Arm Cortex-M (CMSE), el contenido de la pila segura puede filtrarse al estado no seguro a trav\u00e9s de registros de punto flotante cuando se realiza una llamada de funci\u00f3n de seguro a no seguro que devuelve un valor de punto flotante y cuando este es el primer uso del punto flotante desde que se ingresa al estado seguro. Esto permite que un atacante lea una cantidad limitada de contenido de la pila segura con un impacto en la confidencialidad. Este problema es espec\u00edfico del c\u00f3digo generado mediante compiladores basados ??en LLVM."}], "id": "CVE-2024-7883", "lastModified": "2025-12-23T15:30:31.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "arm-security@arm.com", "type": "Secondary"}]}, "published": "2024-10-31T17:15:14.013", "references": [{"source": "arm-security@arm.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"}], "sourceIdentifier": "arm-security@arm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "arm-security@arm.com", "type": "Secondary"}]}

{"bugzilla": {"description": "clang: CMSE secure state may leak from stack to floating-point registers", "id": "2322994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322994"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-226", "details": ["When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."], "name": "CVE-2024-7883", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "llvm-toolset:rhel8/clang", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "clang", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-31T17:01:49Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7883\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7883\nhttps://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"], "threat_severity": "Low"}

{}