Armv8-M processor Secure software Stack Sealing vulnerability - Updated 16/Oct/2020

A report has been presented to Arm which shows that Secure software executing on Armv8-M processors may be vulnerable to attacks originating from the Non-secure state if the Secure software does not properly manage the Secure stacks when those stacks are created, or when it performs non-standard transitions between states or modes, for example creating a fake exception return stack frame to deprivilege an interrupt. The mitigation for this vulnerability is purely in software and is referred to as Stack Sealing. It is only necessary on Armv8-M processors where the TrustZone security extension is in use, i.e. where code runs in both the Secure and Non-secure states. No changes to hardware are required.

CVE: CVE-2020-16273
Title: Armv8-M processor Secure software Stack Sealing vulnerability.
Disclosure date: 16th October 2020
Affects: Any Armv8-M Secure software that initialises stacks in the Secure state.
Impacts: If the Stack Sealing operation is not carried out in the Secure software, an attacker running code in the Non-secure state can trigger a stack underflow attack without immediately triggering a fault exception. This only affects software on Armv8-M based processors with the TrustZone extension that run software in both the Secure and Non-secure states.
Severity: Medium
Credit: Matvey Mukha


What is the impact of this vulnerability?

This vulnerability could allow a malicious agent to trigger a stack underflow in the Secure world software without immediately triggering a fault exception in the Secure world. This could lead to incorrect operation of the Secure code, which in turn could cause a Denial of Service of the Secure code or incorrect operation of the platform.

If the attack targets a stack underflow, its effect depends on the uninitialized data at the top of the stack. If the attack targets an alternate Secure stack that has already been used, the consequence depends on the data previously written to that stack. This might include data previously passed from the Non-secure world to the Secure world, and can therefore be influenced by the malicious agent.


What is the software mitigation for secure software to run on Armv8-M cores?

Software that executes on Armv8-M based processors with the Security Extension, where that extension is used to isolate the Secure and Non-secure states and a malicious agent may run their own code in the Non-secure world, requires that all Secure stacks are sealed.

Secure state software that runs on an Arm Cortex®-M23, Cortex-M33, Cortex-M35P, or Cortex-M55 processor, and any Secure state software that runs on an Armv8-M based processor which implements the Security Extension under license from Arm, should be reviewed to determine whether that software may be vulnerable to the attack described on this page and in the Armv8-M Secure Stack Sealing advisory notice.

Note that this technique is already accounted for in the architecture, which defines the data value used for Stack Sealing. Arm has now issued improved software guidance to mitigate the Secure Stack Sealing vulnerability.
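The following is an added example, not code from Arm or from this advisory, illustrating both the mitigation described above (writing the seal at the top of every Secure stack during initialisation) and the underflow consequence described under "What is the impact". The seal value 0xFEF5EDA5 is the architecturally defined Armv8-M stack seal; everything else is an assumption for the sake of the demonstration: the helper names (secure_stack_init, secure_stack_is_sealed, model_pop_return_address, run_underflow_demo, seal_self_test), the simulated memory layout, the constructed stale and return-address values, and the host-side model of a return that pops from the stack. The model deliberately simplifies the processor: it treats a popped seal word as a fault and any other word as an acceptable return address, which is enough to show why an unsealed stack lets stale, possibly Non-secure-supplied data be consumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Architecturally defined Armv8-M stack seal value. Two copies are written
 * at the top of each Secure stack, which keeps the stack pointer 8-byte
 * aligned and leaves no unsealed word above the first frame. */
#define STACK_SEAL_VALUE 0xFEF5EDA5u
#define STACK_SEAL_WORDS 2u

/* Hypothetical helper: initialise one Secure stack occupying base[0 .. words)
 * and return the initial stack pointer. With seal == true the seal words are
 * written at the top and the returned pointer sits just below them; on a
 * real target this value is what would be loaded into MSP_S or PSP_S.
 * seal == false reproduces the unsealed layout the advisory warns about. */
uint32_t *secure_stack_init(uint32_t *base, size_t words, bool seal)
{
    uint32_t *top = base + words;
    if (!seal) {
        return top;
    }
    top -= STACK_SEAL_WORDS;
    top[0] = STACK_SEAL_VALUE;
    top[1] = STACK_SEAL_VALUE;
    return top;
}

/* Boot-time self-check: is the seal still intact at the top of the stack? */
bool secure_stack_is_sealed(const uint32_t *base, size_t words)
{
    const uint32_t *top = base + words - STACK_SEAL_WORDS;
    return top[0] == STACK_SEAL_VALUE && top[1] == STACK_SEAL_VALUE;
}

/* Host-side model (simplified) of a return that pops a return address from
 * the Secure stack. Armv8-M has stack limit registers (MSPLIM/PSPLIM) that
 * catch overflow, but nothing in hardware bounds an underflow, so the model
 * only stops when it runs off the simulated memory or when the popped word
 * is the seal, which the processor rejects as a return address. */
bool model_pop_return_address(uint32_t **sp, const uint32_t *mem_end, uint32_t *out_pc)
{
    if (*sp >= mem_end) {
        return false;            /* ran off the simulated Secure SRAM */
    }
    uint32_t value = **sp;
    if (value == STACK_SEAL_VALUE) {
        return false;            /* seal reached: fault instead of a bogus return */
    }
    *out_pc = value;
    (*sp)++;
    return true;
}

/* Constructed scenario: a 64-word Secure stack followed by 16 words of stale
 * data that a Non-secure caller previously passed in. Push one genuine frame,
 * then keep popping the way a forced underflow would. Returns how many pops
 * were accepted as return addresses: 1 when sealed, 17 when unsealed (the
 * genuine frame plus all 16 stale words). */
int run_underflow_demo(bool seal)
{
    enum { STACK_WORDS = 64, STALE_WORDS = 16, MEM_WORDS = STACK_WORDS + STALE_WORDS };
    uint32_t mem[MEM_WORDS] = { 0 };
    for (size_t i = STACK_WORDS; i < MEM_WORDS; i++) {
        mem[i] = 0x2000ABCDu;    /* constructed attacker-influenced value */
    }

    uint32_t *sp = secure_stack_init(mem, STACK_WORDS, seal);
    *--sp = 0x10000401u;         /* constructed genuine return address (Thumb bit set) */

    uint32_t pc = 0;
    int accepted = 0;
    while (model_pop_return_address(&sp, mem + MEM_WORDS, &pc)) {
        accepted++;
    }
    return accepted;
}

/* Exercise initialisation and the self-check on a small constructed stack,
 * including detection of a corrupted seal word. */
bool seal_self_test(void)
{
    uint32_t small[8];
    uint32_t *sp = secure_stack_init(small, 8, true);
    bool ok = (sp == small + 6) && secure_stack_is_sealed(small, 8);
    small[7] = 0;                /* corrupt one seal word */
    return ok && !secure_stack_is_sealed(small, 8);
}

int main(void)
{
    printf("self-test: %s\n", seal_self_test() ? "ok" : "FAILED");
    printf("sealed:   %d return address(es) accepted\n", run_underflow_demo(true));
    printf("unsealed: %d return address(es) accepted\n", run_underflow_demo(false));
    return 0;
}
```

On a real target the sealing step belongs in the Secure reset handler, before MSP_S is first used, and must be repeated for every Secure stack that is created later (the process stack, and any alternate stacks used for deprivileged Secure execution), since the advisory's second failure mode is precisely a previously used alternate stack whose contents the Non-secure side may have influenced.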