CVE-2024-0151

2024-04-2418:15:11

CWE-241

[email protected]

web.nvd.nist.gov

insufficient argument checking

secure state entry functions

cortex-m

security extensions

out of range values

incorrect operations

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

JSON

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement ‘Arm v8-M Security Extensions Requirements on Development Tools’ prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Arm v8-M Security Extensions Requirements on Development Tools",
    "vendor": "Arm",
    "versions": [
      {
        "lessThan": "1.4",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions