Hi Everyone,
There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.
Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below :
1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.
Please let us know if you have any comments.
BR
/Ken Liu
[1] https://developer.trustedfirmware.org/w/collaboration/security_center/report...
tf-m@lists.trustedfirmware.org