###################
Security Advisories
###################

.. toctree::
    :maxdepth: 1
    :hidden:

    stack_seal_vulnerability
    svc_caller_sp_fetching_vulnerability
    crypto_multi_part_ops_abort_fail
    profile_small_key_id_encoding_vulnerability
    fwu_write_vulnerability
    cc3xx_partial_tag_compare_on_chacha20_poly1305
    debug_log_vulnerability
    user_pointers_mailbox_vectors_vulnerability

+------------+-----------------------------------------------------------------+
| ID         | Title                                                           |
+============+=================================================================+
|  |TFMV-1|  | NS world may cause the CPU to perform an unexpected return      |
|            | operation due to unsealed stacks.                               |
+------------+-----------------------------------------------------------------+
|  |TFMV-2|  | Invoking Secure functions from handler mode may cause TF-M IPC  |
|            | model to behave unexpectedly.                                   |
+------------+-----------------------------------------------------------------+
|  |TFMV-3|  | ``abort()`` function may not take effect in TF-M Crypto         |
|            | multi-part MAC/hashing/cipher operations.                       |
+------------+-----------------------------------------------------------------+
|  |TFMV-4|  | NSPE may access secure keys stored in TF-M Crypto service       |
|            | in Profile Small with Crypto key ID encoding disabled.          |
+------------+-----------------------------------------------------------------+
|  |TFMV-5|  | ``psa_fwu_write()`` may cause buffer overflow in SPE.           |
+------------+-----------------------------------------------------------------+
|  |TFMV-6|  | Partial tag comparison when using Chacha20-Poly1305 on the PSA  |
|            | driver API interface in CryptoCell enabled platforms            |
+------------+-----------------------------------------------------------------+
|  |TFMV-7|  | ARoT can access PRoT data via debug logging functionality       |
+------------+-----------------------------------------------------------------+
|  |TFMV-8|  | Unchecked user-supplied pointer via mailbox messages may cause  |
|            | write of arbitrary address                                      |
+------------+-----------------------------------------------------------------+

.. |TFMV-1| replace:: :doc:`TFMV-1 <stack_seal_vulnerability>`
.. |TFMV-2| replace:: :doc:`TFMV-2 <svc_caller_sp_fetching_vulnerability>`
.. |TFMV-3| replace:: :doc:`TFMV-3 <crypto_multi_part_ops_abort_fail>`
.. |TFMV-4| replace:: :doc:`TFMV-4 <profile_small_key_id_encoding_vulnerability>`
.. |TFMV-5| replace:: :doc:`TFMV-5 <fwu_write_vulnerability>`
.. |TFMV-6| replace:: :doc:`TFMV-6 <cc3xx_partial_tag_compare_on_chacha20_poly1305>`
.. |TFMV-7| replace:: :doc:`TFMV-7 <debug_log_vulnerability>`
.. |TFMV-8| replace:: :doc:`TFMV-8 <user_pointers_mailbox_vectors_vulnerability>`

--------------

*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*