Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement βArm v8-M Security Extensions Requirements on Development Toolsβ prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.
[
{
"defaultStatus": "unaffected",
"product": "Arm v8-M Security Extensions Requirements on Development Tools",
"vendor": "Arm",
"versions": [
{
"lessThan": "1.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
]