PT-2020-15797 · Arm · Arm Compiler

Nico Golde · Published 2020-12-24 · Updated 2021-07-21 · CVE-2020-24658

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arm Compiler versions 5 through 5.06u6

Description

The issue concerns a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to any vulnerable arrays. The guard value is checked for corruption on function return, leading to an error-handler call if corrupted. However, in certain circumstances, the reference value compared against the guard value is also written to the stack, potentially after vulnerable arrays, when the function runs out of registers for temporary data. This can lead to the stack protection failing to spot corruption if both the reference and guard values are overwritten with the same value, which would require both a buffer overflow and a buffer underflow in the vulnerable arrays, or another vulnerability causing two separated stack entries to be corrupted.

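The failure mode described above can be reproduced in a small model. This is an added example, not Arm Compiler output or code from the advisory; the frame layout, offsets and guard value are assumptions chosen for illustration, and the frame is modelled as a flat byte region so every write stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one protected stack frame (layout is an assumption):
   [ spilled reference | local array | guard ] */
enum { REF_OFF = 0, BUF_OFF = 4, BUF_LEN = 16, GUARD_OFF = 20, FRAME_LEN = 24 };

static const uint32_t GUARD_VALUE = 0x5AFEC0DEu; /* constructed sample value */

typedef struct { unsigned char mem[FRAME_LEN]; } frame_t;

/* Prologue: place the guard on one side of the array and, as in the
   register-pressure case, spill the reference copy on the other side. */
static void frame_enter(frame_t *f) {
    memset(f->mem, 0, FRAME_LEN);
    memcpy(f->mem + GUARD_OFF, &GUARD_VALUE, 4);
    memcpy(f->mem + REF_OFF, &GUARD_VALUE, 4);
}

/* Simulated memory-safety bug: fill [start, start+len) with one byte. */
static void corrupt(frame_t *f, int start, int len, unsigned char byte) {
    memset(f->mem + start, byte, (size_t)len);
}

/* Flawed epilogue: guard compared with the spilled, in-frame reference. */
static int check_spilled(const frame_t *f) {
    return memcmp(f->mem + GUARD_OFF, f->mem + REF_OFF, 4) == 0;
}

/* Sound epilogue: guard compared with a reference held outside the frame. */
static int check_external(const frame_t *f) {
    return memcmp(f->mem + GUARD_OFF, &GUARD_VALUE, 4) == 0;
}

/* Returns bit 0 = flawed check passed, bit 1 = sound check passed. */
static int run_case(int start, int len) {
    frame_t f;
    frame_enter(&f);
    corrupt(&f, start, len, 0x41);
    return check_spilled(&f) | (check_external(&f) << 1);
}

int main(void) {
    printf("write stays in array: %d\n", run_case(BUF_OFF, BUF_LEN));
    printf("overflow only:        %d\n", run_case(BUF_OFF, BUF_LEN + 4));
    printf("overflow + underflow: %d\n", run_case(REF_OFF, FRAME_LEN));
    return 0;
}
```

A one-sided overflow is still caught by both checks; only when guard and reference are overwritten with the same value does the in-frame comparison pass while the external comparison still reports corruption.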
Recommendations

For Arm Compiler versions 5 through 5.06u6, consider disabling the stack protection feature temporarily until a patch is available, as a workaround to minimize the risk of exploitation. Restrict the use of vulnerable arrays in local functions to reduce the likelihood of buffer overflows and underflows. Avoid using the stack for temporary data when possible, to prevent the reference value from being written to the stack. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Memory Corruption

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2020-24658

Affected Products

Arm Compiler