CVE-2024-0151

Published: Apr 24, 2024

Modified: Aug 9, 2024

PUBLISHED

Description

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

Vendor	Product	Versions
Arm	Arm v8-M Security Extensions Requirements on Development Tools	affected `1.0 - < 1.4`

Weaknesses (CWE)

CWE-241

References

https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-0151

Description

Affected Products

Weaknesses (CWE)

References