Hi Everyone,

A new security vulnerability has been reported in which the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.

Please find below the security advisory specific to TF-M and the patches that have been developed as per the TrustedFirmware.org security process[1]:

1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005

2. A fix based on the latest master has been merged into the TF-M repo. The patch can also be found in Gerrit: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.

Please let us know if you have any comments.

BR

/Ken Liu

[1] https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/