Hi Everyone,

This email is a notification of a new security vulnerability reported to TF-M.

It’s about the Crypto service in TF-M - abort() function may not take effect in TF-M Crypto multi-part MAC/hashing/cipher operations.

 

Please check the details in the security advisory attached. (.rst version is coming soon)

The fix has been merged on the latest master branch - Crypto: Remove unnecessary multi-part operation clean-up (I9cd0fa38) · Gerrit Code Review (trustedfirmware.org)

 

We’re planning a hot fix release. Will share the plan with you when it’s ready.

Thanks.

 

Regards,

David Wang

ARM Electronic Technology (Shanghai) Co., Ltd

Phone: +86-21-6154 9142 (ext. 59142)