CVE-2024-0151

CVE-2024-0151

Vendor Arm
Product Arm v8-M Security Extensions Requirements on Development Tools
Weakness CWE-241
Published April 24, 2024
Last update August 9, 2024

CVSS base score

What the vulnerability does

01Description

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.

Key dates

02Disclosure timeline

April 24, 2024 CVE published
August 9, 2024 Record updated