CVE-2024-0151 Vulnerability Details

  /     /     /  

CVE-2024-0151 Metadata Quick Info

CVE Published: 24/04/2024 | CVE Updated: 09/08/2024 | CVE Year: 2024
Source: Arm | Vendor: Arm | Product: Arm v8-M Security Extensions Requirements on Development Tools
Status : PUBLISHED

CVE-2024-0151 Description

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement \'Arm v8-M Security Extensions Requirements on Development Tools\' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-241
CWE Name: CWE-241 Improper Handling of Unexpected Data Type
Source: Arm

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: