OESA-2026-2074 llvm security update

LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-poin...

OESA-2026-2073 llvm security update

LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-poin...

Azure Linux 3.0 Security Update: clang (CVE-2024-7883)

The version of clang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7883 advisory. - When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via...

CVE-2025-54515

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were...

AMD Versal Adaptive SoC 安全漏洞

AMD Versal Adaptive SoC is a chip from UltraMicro Semiconductor AMD. A security vulnerability exists in the AMD Versal Adaptive SoC that stems from an improperly set security flag on the PSCI command, which could result in requests from a non-secure state being mistakenly recognized as coming fro...

EUVD-2024-48728

Malicious code in bioql PyPI...

CMSE secure state may leak from stack to floating-point registers

...

Huawei EulerOS: Security Advisory for llvm (EulerOS-SA-2025-1336)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVE-2024-7883

When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...

AZL-53888 CVE-2024-7883 affecting package clang for versions less than 18.1.2-4

When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...

CVE-2024-7883

When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state...

CVE-2024-0151

Arm is aware of a potential software security issue in code that uses Cortex-M Security Extensions CMSE and has been compiled with tools that implement Arm v8-M Security Extensions Requirements on Development Tools before version 1.4. This issue potentially allows an attacker who can pass...

CVE-2024-0151

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions CMSE, that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to...

CVE-2024-0151

CVE-2024-0151 affects software using Cortex-M Security Extensions (CMSE). The issue arises from insufficient argument checking in Secure state Entry functions, allowing values out of range for types smaller than 32-bits to be passed into secure state, potentially causing incorrect operations. Pub...

CVE-2024-0151

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions CMSE, that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to...

PT-2024-15359 · Arm · Arm Cortex-M Security Extensions

Name of the Vulnerable Software and Affected Versions: Software using Cortex-M Security Extensions CMSE compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4 Description: The issue is related to insufficient argument checkin...

Announcing the VMware vExpert Security Program!

We’re excited to share that the VMware Security Products Team and Carbon Black is announcing a new Security vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge of VMware technologies with the...