CVE-2024-0151

Name of the Vulnerable Software and Affected Versions Software using Cortex-M Security Extensions (CMSE) compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4

Description The issue is related to insufficient argument checking in Secure state Entry functions. This allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits, potentially leading to incorrect operations in secure state.

Recommendations For software using Cortex-M Security Extensions (CMSE) compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, consider updating the toolchain to version 1.4 or later to address the issue. At the moment, there is no information about additional mitigation measures.