Leakage of Secure Stack Contents in Arm Cortex-M Devices
CVE-2024-7883

Currently unrated

Key Information:

Vendor
Arm Holdings
CVE Published:
31 October 2024

Summary

Certain implementations of the Arm Cortex-M Security Extensions are affected by a vulnerability in which secure stack contents can be inadvertently exposed to the non-secure state when floating-point values are returned during a function call. The issue arises specifically on the first use of floating-point operations after entering the secure state, and it is attributed to code generated with LLVM-based compilers. As a result, attackers may gain access to limited secure stack data, which poses a potential risk to data confidentiality.

Timeline

  • Vulnerability published
