[TF-M] Security Vulnerability Notice - unauthorized access to PRoT data from ARoT partitions via SPM logging service if enabled

10 Apr 2024


      Hi Everyone,
There is a new security vulnerability found in SPM logging service which allows a malicious ARoT partition to expose any memory data via stdout interface, usually UART. Please check the details in:
*   TF-M Security advisory attached to this mail:
  *   Patch to fix the issue on the main branch as commit:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/27793
This vulnerability fix will be included in the upcoming TF-M v2.1.0 release without a dedicated hot fix.
Thanks to Roman Mazurak who reported the issue.
Please let us know if you have any comments.
Best regards,
Anton

2024

2023

2022

2021

2020

2019

2018

[TF-M] Security Vulnerability Notice - unauthorized access to PRoT data from ARoT partitions via SPM logging service if enabled