Hi all,
This email is a notification of a new security vulnerability reported to TF-M.
In TF-M version between 3e7129fhttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=3e7129f and 921d0eahttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=921d0ea, the caller of ``psa_fwu_write()`` from SPE or NSPE can overwrite the stack memory outside of the local buffer in Firmware Update partition in IPC model.
Please check the details in the security advisory dochttps://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/13873/5/docs/security/security_advisories/fwu_write_vulnerability.rst. The advisory has been merged in master branch today. The fixhttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=78f7530 has been merged into master branch before TF-Mv1.5.0.
Regards,
Sherry Zhang
tf-m@lists.trustedfirmware.org