An attacker can trigger this vulnerability by providing a specially crafted x509 certificate to the target which performs a series of checks on the certificate. While performing these checks the application fails to properly parse the public key. This results in the invalid free of a stack pointer. There is a mitigating factor associated with this vulnerability in that the memory space that is pointed to is zeroed out shortly before the vulnerability is triggered. The vulnerability exists in the part of the code responsible for handling elliptic curve cryptography keys.”]
Source: https://blog.talosintelligence.com/2017/04/vulnerability-spotlight-arm-tls.html