14] Fix to security weaknesses in PCS for CMSE

ricbal02 at gcc dot gnu.org via Gcc-bugs Wed, 24 Apr 2024 08:40:11 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114837


            Bug ID: 114837
           Summary: [11/12/13/14] Fix to security weaknesses in PCS for
                    CMSE
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ricbal02 at gcc dot gnu.org
  Target Milestone: ---

Security weaknesses exist in PCS for CMSE. To resolve this a patch will be
upstreamed and backported which will:

1) When calling a secure function from non-secure code then any arguments
   smaller than 32-bits that are passed in registers are zero- or
sign-extended.
2) After a non-secure function returns into secure code then any return value
   smaller than 32-bits that is passed in a register is  zero- or
sign-extended.

This patch will fix the following: CVE-2024-0151.

[Bug target/114837] New: [11/12/13/14] Fix to security weaknesses in PCS for CMSE

Reply via email to