Hi all,

 

This email is a notification of a new security vulnerability reported to TF-M.

In TF-M version between 3e7129f and 921d0ea, the caller of ``psa_fwu_write()`` from SPE or NSPE can overwrite the stack memory outside of the  local buffer in Firmware Update partition in IPC model.

 

Please check the details in the security advisory doc. The advisory has been merged in master branch today. The fix has been merged into master branch before TF-Mv1.5.0.

 

Regards,

Sherry Zhang