cve/2024/CVE-2024-7883.md

### [CVE-2024-7883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7883)
![](https://img.shields.io/static/v1?label=Product&message=Arm%20Compiler%20for%20Embedded%20FuSa%206.16LTS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Arm%20Compiler%20for%20Embedded%20FuSa%206.21&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Arm%20Compiler%20for%20Embedded&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Arm%20Compiler%20for%20Functional%20Safety%206.6&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CLang&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=All%20versions%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-226%20Sensitive%20Information%20in%20Resource%20Not%20Removed%20Before%20Reuse&color=brightgreen)

### Description

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/adegoodyer/kubernetes-admin-toolkit
- https://github.com/drewtwitchell/scancompare
- https://github.com/fkie-cad/nvd-json-data-feeds