Armv8-M processor Secure software Stack Sealing vulnerability - Updated 16/Oct/2020
A report has been presented to Arm which shows that Secure software executing on Armv8-M processors may be vulnerable to attacks generated from the Non-secure state; if the Secure software does not properly manage the Secure stacks when the stacks are created, or when performing non-standard transitioning between states or modes, for example, creating a fake exception return stack frame to deprivilege an interrupt. The mitigation for this vulnerability is purely in software and is referred as Stack Sealing. It is only necessary in Armv8-M processors where the TrustZone security extension is being used, i.e. there is code running in both Secure and Non-secure states. No changes to hardware are required.
CVE | CVE-2020-16273 |
Title | Armv8-M processor Secure software Stack Sealing vulnerability. |
Disclosure date | 16th October 2020 |
Affects | Any Arm v8-M Secure software that initiates stacks in the secure state. |
Impacts | If Stack Sealing operation(s) is not carried out in the Secure software, it can allow an attacker running code in the Non-secure state to trigger a stack underflow attack without immediately triggering a fault exception. This can only affect software on Armv8-M based processors with TrustZone extensions, running software in both Secure and Non-secure states. |
Severity | Medium |
Credit | Matvey Mukha |
Armv8-M Secure Stack Sealing advisory notice
DownloadContact us
If you need to talk to us about this issue, contact us at arm-security@arm.com, or you can submit a support ticket if you have any additional questions not covered by the Armv8-M Secure Stack Sealing advisory notice.