Security Handling
=================

Security Disclosures
--------------------

We disclose all security vulnerabilities we find, or are advised about, that are
relevant to Trusted Firmware-A. We encourage responsible disclosure of
vulnerabilities and inform users as best we can about all possible issues.

We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
at the bottom of this page. Any new ones will, additionally, be announced on the
TF-A project's `mailing list`_.

Found a Security Issue?
-----------------------

Although we try to keep TF-A secure, we can only do so with the help of the
community of developers and security researchers.

.. warning::
   If you think you have found a security vulnerability, please **do not**
   report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
   follow the `TrustedFirmware.org security incident process`_.

One of the goals of this process is to ensure providers of products that use
TF-A have a chance to consider the implications of the vulnerability and its
remedy before it is made public. As such, please follow the disclosure plan
outlined in the process. We do our best to respond and fix any issues quickly.

Afterwards, we encourage you to write up your findings about the TF-A source
code.

Attribution
-----------

We will name and thank you in the :ref:`Change Log & Release Notes` distributed
with the source code and in any published security advisory.

Security Advisories
-------------------

+-----------+------------------------------------------------------------------+
| ID        | Title                                                            |
+===========+==================================================================+
|  |TFV-1|  | Malformed Firmware Update SMC can result in copy of unexpectedly |
|           | large data into secure memory                                    |
+-----------+------------------------------------------------------------------+
|  |TFV-2|  | Enabled secure self-hosted invasive debug interface can allow    |
|           | normal world to panic secure world                               |
+-----------+------------------------------------------------------------------+
|  |TFV-3|  | RO memory is always executable at AArch64 Secure EL1             |
+-----------+------------------------------------------------------------------+
|  |TFV-4|  | Malformed Firmware Update SMC can result in copy or              |
|           | authentication of unexpected data in secure memory in AArch32    |
|           | state                                                            |
+-----------+------------------------------------------------------------------+
|  |TFV-5|  | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
|           | world timing information                                         |
+-----------+------------------------------------------------------------------+
|  |TFV-6|  | Trusted Firmware-A exposure to speculative processor             |
|           | vulnerabilities using cache timing side-channels                 |
+-----------+------------------------------------------------------------------+
|  |TFV-7|  | Trusted Firmware-A exposure to cache speculation vulnerability   |
|           | Variant 4                                                        |
+-----------+------------------------------------------------------------------+
|  |TFV-8|  | Not saving x0 to x3 registers can leak information from one      |
|           | Normal World SMC client to another                               |
+-----------+------------------------------------------------------------------+
|  |TFV-9|  | Trusted Firmware-A exposure to speculative processor             |
|           | vulnerabilities with branch prediction target reuse              |
+-----------+------------------------------------------------------------------+
|  |TFV-10| | Incorrect validation of X.509 certificate extensions can result  |
|           | in an out-of-bounds read                                         |
+-----------+------------------------------------------------------------------+
|  |TFV-11| |  A Malformed SDEI SMC can cause out of bound memory read         |
+-----------+------------------------------------------------------------------+

.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/

.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
.. |TFV-11| replace:: :ref:`Advisory TFV-11 (CVE-2023-49100)`

.. _TrustedFirmware.org security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/

--------------

*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*