“Made public on Monday was CVE-2021-35465 as a new security vulnerability affecting various Arm products. For unmitigated (ARMv8-M) hardware, Arm has posted a series of GCC compiler patches for working around the issue.
CVE-2021-35465 is this new Arm processor vulnerability affecting a subset of their designs — particularly ARMv8-M and ARMv8.1-M products for micro-controllers and other embedded use-cases for TrustZone and more. Per the CVE-2021-35465 disclosure: Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration). ”