1Advisory TFV-12 (CVE-2024-5660) 2================================ 3 4+----------------+--------------------------------------------------------------+ 5| Title | When Hardware Page Aggregation (HPA) is enabled memory | 6| | accesses may be translated incorrectly. | 7+================+==============================================================+ 8| CVE ID | `CVE-2024-5660`_ | 9+----------------+--------------------------------------------------------------+ 10| Date | Reported on 26 Jan 2024 | 11+----------------+--------------------------------------------------------------+ 12| Versions | TF-A version from v2.2 to v2.12 | 13| Affected | LTS releases lts-v2.8.0 to lts-v2.8.26 | 14| | LTS releases lts-v2.10.0 to lts-v2.10.10 | 15+----------------+--------------------------------------------------------------+ 16| Configurations | Arm CPUs with Hardware Page Aggregation (HPA) running in | 17| Affected | environments where a modified, untrusted guest OS may | 18| | operate, especially with specific hypervisors. | 19+----------------+--------------------------------------------------------------+ 20| Impact | Potential for a compromised guest OS to attack the host via | 21| | HPA mechanism, resulting in possible information disclosure. | 22+----------------+--------------------------------------------------------------+ 23| Fix Version | `Gerrit-Patches`_ | 24+----------------+--------------------------------------------------------------+ 25| Credit | Arm | 26+----------------+--------------------------------------------------------------+ 27 28Description 29----------- 30 31A vulnerability has been identified in certain Arm CPUs implementing the 32Hardware Page Aggregation (HPA) feature. In environments utilizing virtualization, 33a specially crafted or compromised guest operating system could exploit this 34vulnerability to affect the host system. This could potentially lead to information 35disclosure depending on the deployment scenario and hypervisor configuration. 36 37The below table lists the CPUs that mitigate against this vulnerability in TF-A. 38 39+---------------+ 40| **Core** | 41+---------------+ 42| Cortex-A77 | 43+---------------+ 44| Cortex-A78 | 45+---------------+ 46| Cortex-A78C | 47+---------------+ 48| Cortex-A78AE | 49+---------------+ 50| Cortex-A710 | 51+---------------+ 52| Cortex-X1 | 53+---------------+ 54| Cortex-X2 | 55+---------------+ 56| Cortex-X3 | 57+---------------+ 58| Cortex-X4 | 59+---------------+ 60| Cortex-X925 | 61+---------------+ 62| Neoverse-V1 | 63+---------------+ 64| Neoverse-V2 | 65+---------------+ 66| Neoverse-V3 | 67+---------------+ 68| Neoverse-N2 | 69+---------------+ 70 71Mitigation and Recommendations 72------------------------------ 73 74Arm recommends following the mitigation steps and configuration changes described in the 75official advisory. The issue is avoided by setting CPUECTLR_EL1[46] to 1 which will 76disable hardware page aggregation. 77 78Users should refer to the latest firmware updates as provided by vendors 79and ensure that HPA-related security mitigations are enabled where applicable. 80 81For further technical information, affected CPUs, and detailed guidance, refer to the 82full `Official Arm Advisory`_. 83 84.. _CVE-2024-5660: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5660 85.. _Gerrit-Patches: https://review.trustedfirmware.org/q/topic:%22sm/fix_erratum%22 86.. _Official Arm Advisory: https://developer.arm.com/documentation/110324/latest 87