When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Arm Compiler For Embedded
Arm Compiler For Embedded Fusa
Arm Compiler For Functional Safety
Clang
NVD
CVSS 3.1
3.7
EPSS
0.5%
Nix is a package manager for Linux and other Unix systems. Rated low severity (CVSS 1.0). No vendor patch available.
Apple
Information Disclosure
NVD
GitHub
CVSS 4.0
1.0
EPSS
0.2%