{"id":"AZL-53888","summary":"CVE-2024-7883 affecting package clang for versions less than 18.1.2-4","details":"When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers.","modified":"2026-04-01T05:18:09.163079Z","published":"2024-10-31T17:15:14Z","upstream":["CVE-2024-7883"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7883"}],"affected":[{"package":{"name":"clang","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/clang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.1.2-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53888.json"}}],"schema_version":"1.7.5"}