Vulnerabilities > CVE-2020-16273 - Integer Underflow (Wrap or Wraparound) vulnerability in ARM Armv8-M Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

arm

CWE-191

NVD

Published: 2020-11-12

Updated: 2020-12-01

Summary

In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension.

Vulnerable Configurations

Part	Description	Count
OS	Arm ARM Armv8 M Firmware *	1
Hardware	Arm ARM Armv8 M -	1

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealing