{"id":"CVE-2024-7883","details":"When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers.","modified":"2026-04-10T05:19:42.259128Z","published":"2024-10-31T17:15:14.013Z","references":[{"type":"EVIDENCE","url":"https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.6"},{"fixed":"6.23"}]},{"events":[{"introduced":"0"},{"last_affected":"6.16"}]},{"events":[{"introduced":"0"},{"last_affected":"6.21"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"11.0.0"},{"fixed":"20.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7883.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}