cvedb.io
CVE-2024-7883
LOW · CVSS 3.7
EPSS exploitation probability: 0%
Published 2024-10-31T17:15:14.013 · Last modified 2026-06-17T08:21:06.623

Summary

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

Affected products

arm — arm_compiler_for_embedded

Does this affect you?

Add your gear to cvedb and we'll alert you only when arm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.