CVE-2024-7883
Published: 31 October 2024
Summary
CVE-2024-7883 is a low-severity vulnerability of type Sensitive Information in Resource Not Removed Before Reuse (CWE-226) in Arm Compiler for Embedded FuSa (vendor: Arm). It is a code-generation defect, so the exposure is in Secure-state firmware built with the affected toolchain rather than in the compiler binary itself. Its CVSS base score is 3.7 (Low).
Operational context: this CVE ranks in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48728
Vulnerability details
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
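Triage helper added by the editor (not code from Arm, from the affected toolchain, or from this page): given a compile_commands.json, it lists the translation units whose build matches the three preconditions stated in the description above, namely an LLVM-based compiler, CMSE enabled (Secure-state code), and hardware floating point. Assumptions, also labelled in the code: LLVM-based toolchains are recognised from the compiler executable name (clang or armclang, with or without a target-triple prefix), `-mcmse` marks Secure-state code, anything not explicitly built soft-float is counted as using hardware floating point, and the sample database is constructed. It flags units to review; it does not prove that a unit contains a Secure-to-Non-secure call returning a floating-point value.

```python
"""Triage helper for CVE-2024-7883: list translation units in a
compile_commands.json whose build configuration matches the advisory's
preconditions (LLVM-based compiler, CMSE enabled, hardware floating point).

Heuristic only: it identifies units worth reviewing, it does not detect an
actual Secure-to-Non-secure call returning a floating-point value.
"""
import json
import os
import shlex

# Assumption: LLVM-based toolchains are recognised by executable name.
# armclang (Arm Compiler for Embedded / FuSa) and clang (LLVM Embedded
# Toolchain for Arm) are LLVM-based; arm-none-eabi-gcc is not.
LLVM_COMPILER_NAMES = {"clang", "clang++", "armclang", "armclang++"}


def compiler_is_llvm_based(argv0: str) -> bool:
    """True if argv0 names an LLVM-based compiler, e.g. 'armclang' or
    '/opt/gcc/bin/arm-none-eabi-clang' (target-triple prefix stripped)."""
    name = os.path.basename(argv0)
    short = name.rsplit("-", 1)[-1]
    return name in LLVM_COMPILER_NAMES or short in LLVM_COMPILER_NAMES


def entry_argv(entry: dict) -> list:
    """compile_commands.json entries carry either an 'arguments' list or a
    single 'command' string; normalise both to an argv list."""
    if "arguments" in entry:
        return list(entry["arguments"])
    return shlex.split(entry["command"])


def classify(entry: dict) -> dict:
    argv = entry_argv(entry)
    flags = set(argv[1:])
    float_abi = next(
        (a.split("=", 1)[1] for a in flags if a.startswith("-mfloat-abi=")), None
    )
    return {
        "file": entry["file"],
        "llvm": compiler_is_llvm_based(argv[0]),
        # Assumption: -mcmse is what marks Secure-state code (GCC and Clang/armclang spelling).
        "cmse": "-mcmse" in flags,
        # Conservative assumption: anything not explicitly soft-float may use the FPU.
        "hw_fp": "-mfpu=none" not in flags and float_abi != "soft",
    }


def affected_units(db: list) -> list:
    """Files matching all three preconditions from the advisory text."""
    return [c["file"] for c in map(classify, db) if c["llvm"] and c["cmse"] and c["hw_fp"]]


def load_db(path: str) -> list:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample database (not a real project's build).
SAMPLE_DB = [
    {"directory": "/build", "file": "secure/nsc_api.c",
     "command": "armclang --target=arm-arm-none-eabi -mcpu=cortex-m33 -mfpu=fpv5-sp-d16 "
                "-mfloat-abi=hard -mcmse -c secure/nsc_api.c"},
    {"directory": "/build", "file": "secure/crypto.c",
     "arguments": ["arm-none-eabi-clang", "-mcpu=cortex-m33", "-mfpu=fpv5-sp-d16",
                   "-mfloat-abi=hard", "-mcmse", "-c", "secure/crypto.c"]},
    {"directory": "/build", "file": "secure/gcc_unit.c",
     "command": "arm-none-eabi-gcc -mcpu=cortex-m33 -mfpu=fpv5-sp-d16 "
                "-mfloat-abi=hard -mcmse -c secure/gcc_unit.c"},
    {"directory": "/build", "file": "secure/softfp.c",
     "command": "armclang --target=arm-arm-none-eabi -mcpu=cortex-m33 -mfpu=none "
                "-mfloat-abi=soft -mcmse -c secure/softfp.c"},
    {"directory": "/build", "file": "nonsecure/app.c",
     "command": "armclang --target=arm-arm-none-eabi -mcpu=cortex-m33 -mfpu=fpv5-sp-d16 "
                "-mfloat-abi=hard -c nonsecure/app.c"},
]

if __name__ == "__main__":
    # Replace SAMPLE_DB with load_db("compile_commands.json") for a real build.
    for unit in affected_units(SAMPLE_DB):
        print("review for CVE-2024-7883:", unit)
```

Only the first two sample units are reported: the GCC-built unit is excluded because the issue is specific to LLVM-based compilers, the soft-float unit because no floating-point registers are involved, and the Non-secure application unit because it is not built with CMSE.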
- CWE(s): CWE-226 (Sensitive Information in Resource Not Removed Before Reuse)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Treat it with caution: these CWE-226 controls concern media and storage sanitization, and none of them addresses a compiler code-generation defect that leaves Secure stack contents in floating-point registers. The practical remediation follows from the description above: rebuild Secure-state code with a toolchain release that no longer generates the affected call sequence, and prioritise Secure-side units built with an LLVM-based compiler, CMSE, and hardware floating point.
- The eradication and cross-system identification steps ensure sensitive information is removed before resources are reused or further accessed.
- Requiring sanitization of media prior to removal for off-site maintenance ensures sensitive information is removed before the resource is reused or accessed externally.
- Procedures include sanitization, overwriting, and disposal requirements to remove sensitive data before media reuse or release.
- Requiring sanitization prior to reuse directly ensures sensitive information is removed from resources before they are reused by others.
- Downgrading enables reuse of media at lower security levels, and the mandated process ensures sensitive information is removed beforehand to prevent exposure on reused resources.
- Directly requires removal of sensitive data from resources before reuse or reallocation to another subject, eliminating residual information transfer.
- Explicit retention limits and destruction rules reduce the persistence of sensitive information in reusable resources.
- Periodic quality checks and deletion ensure sensitive PII is removed from resources prior to reuse or retention beyond its valid lifetime.