Hello,
This email is a notification of a new security vulnerability reported to TF-M by Infineon Technologies AG, in collaboration with: Tobias Scharnowski, Simon Wörner and Johannes Willbold from fuzzware.io.
Unchecked user-supplied pointer via mailbox messages may cause write of arbitrary address.
Please find the security advisory attached. The fix has been merged on the latest main branch tfm_spe_mailbox: Do not write-back on input vectors checks failure<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/31512>
We're preparing a hotfix release v2.1.1 to include fixes for this vulnerability and bugs reported till that date via TF-M issue tracker: https://github.com/TrustedFirmware-M/trusted-firmware-m/issues?q=is%3Aissue
Thanks and best regards
Author
Hello,
The next Technical Forum is planned on Thursday, Sep 12 at 7:00-8:00 UTC (East time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi everyone,
It has come to our attention that QEMU is no longer able to run the regression tests in a timely manner, and before we go ahead and outright disable them, we would like to know if anyone is using QEMU for their platform testing.
If so, please reply to this message and we can have further discussion on the point.
Thanks, Matt