Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.

On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M tf-m@lists.trustedfirmware.org wrote:

Hi Everyone, There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution. Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below :

1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005
2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.

Please let us know if you have any comments. BR /Ken Liu [1] https://developer.trustedfirmware.org/w/collaboration/security_center/report... -- TF-M mailing list TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

Is there plans for a security release of TFM v1.2 with this fix?

- k