Armv8-M processor Secure software Stack Sealing vulnerability - Updated 16/Oct/2020
A report presented to Arm shows that Secure software executing on Armv8-M processors may be vulnerable to attacks originating from the Non-secure state if the Secure software does not properly manage the Secure stacks when they are created, or when it performs non-standard transitions between states or modes, for example by creating a fake exception return stack frame to deprivilege an interrupt. The mitigation for this vulnerability is purely in software and is referred to as Stack Sealing. It is only necessary on Armv8-M processors where the TrustZone security extension is in use, i.e. where code runs in both Secure and Non-secure states. No changes to hardware are required.
| | |
|---|---|
| Title | Armv8-M processor Secure software Stack Sealing vulnerability. |
| Disclosure date | 16th October 2020 |
| Affects | Any Armv8-M Secure software that initiates stacks in the Secure state. |
| Impacts | If the Stack Sealing operation(s) are not carried out in the Secure software, an attacker running code in the Non-secure state can trigger a stack underflow attack without immediately triggering a fault exception. This can only affect software on Armv8-M based processors with TrustZone extensions, running software in both Secure and Non-secure states. |
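
An added example, not code from this advisory, showing what sealing a Secure stack at creation time looks like in C, with a check that the seal is still in place. It assumes the seal word 0xFEF5EDA5 from Arm's published stack-sealing guidance and CMSIS (this page does not state the value); the function names and the `demo_secure_stack` buffer are hypothetical, and the buffer stands in for Secure stack memory so the code runs on a host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: seal word from Arm's stack-sealing guidance (CMSIS defines
 * __TZ_STACK_SEAL_VALUE as this word twice). It is not a valid EXC_RETURN
 * or FNC_RETURN value. */
#define STACK_SEAL_WORD 0xFEF5EDA5u
#define STACK_SEAL_SIZE 8u /* two words, so the stack stays 8-byte aligned */

/* Constructed stand-in for a Secure stack region (hypothetical name/size). */
static _Alignas(8) uint32_t demo_secure_stack[64];

/* Seal a full-descending stack occupying [base, base + size_bytes).
 * Returns the initial stack pointer (the address of the seal), or NULL if
 * the region is misaligned or too small to hold the seal plus any data. */
uint32_t *seal_secure_stack(uint32_t *base, size_t size_bytes)
{
    if (base == NULL || size_bytes <= STACK_SEAL_SIZE)
        return NULL;
    if (((uintptr_t)base & 7u) != 0 || (size_bytes & 7u) != 0)
        return NULL;
    uint32_t *seal = base + (size_bytes - STACK_SEAL_SIZE) / sizeof(uint32_t);
    seal[0] = STACK_SEAL_WORD;
    seal[1] = STACK_SEAL_WORD;
    return seal; /* the first push lands below this address */
}

/* Self-check: 1 if both seal words are still at the top of the region. */
int secure_stack_seal_intact(const uint32_t *base, size_t size_bytes)
{
    if (base == NULL || size_bytes <= STACK_SEAL_SIZE || (size_bytes & 7u) != 0)
        return 0;
    const uint32_t *seal = base + (size_bytes - STACK_SEAL_SIZE) / sizeof(uint32_t);
    return seal[0] == STACK_SEAL_WORD && seal[1] == STACK_SEAL_WORD;
}

int main(void)
{
    uint32_t *sp = seal_secure_stack(demo_secure_stack, sizeof demo_secure_stack);
    printf("initial SP offset: %u words, sealed: %d\n",
           (unsigned)(sp - demo_secure_stack),
           secure_stack_seal_intact(demo_secure_stack, sizeof demo_secure_stack));
    return 0;
}
```

On a target, the returned pointer is the value Secure software would load as the initial Secure stack pointer, and the same step applies to every Secure stack it creates.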