1Security Handling
2=================
3
4Security Disclosures
5--------------------
6
7We disclose all security vulnerabilities we find, or are advised about, that are
8relevant to Trusted Firmware-A. We encourage responsible disclosure of
9vulnerabilities and inform users as best we can about all possible issues.
10
11We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
12at the bottom of this page. Any new ones will, additionally, be announced on the
13TF-A project's `mailing list`_.
14
15Found a Security Issue?
16-----------------------
17
18Although we try to keep TF-A secure, we can only do so with the help of the
19community of developers and security researchers.
20
21.. warning::
22   If you think you have found a security vulnerability, please **do not**
23   report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
24   follow the `TrustedFirmware.org security incident process`_.
25
26One of the goals of this process is to ensure providers of products that use
27TF-A have a chance to consider the implications of the vulnerability and its
28remedy before it is made public. As such, please follow the disclosure plan
29outlined in the process. We do our best to respond and fix any issues quickly.
30
31Afterwards, we encourage you to write-up your findings about the TF-A source
32code.
33
34Attribution
35-----------
36
37We will name and thank you in the :ref:`Change Log & Release Notes` distributed
38with the source code and in any published security advisory.
39
40Security Advisories
41-------------------
42
43+-----------+------------------------------------------------------------------+
44| ID        | Title                                                            |
45+===========+==================================================================+
46|  |TFV-1|  | Malformed Firmware Update SMC can result in copy of unexpectedly |
47|           | large data into secure memory                                    |
48+-----------+------------------------------------------------------------------+
49|  |TFV-2|  | Enabled secure self-hosted invasive debug interface can allow    |
50|           | normal world to panic secure world                               |
51+-----------+------------------------------------------------------------------+
52|  |TFV-3|  | RO memory is always executable at AArch64 Secure EL1             |
53+-----------+------------------------------------------------------------------+
54|  |TFV-4|  | Malformed Firmware Update SMC can result in copy or              |
55|           | authentication of unexpected data in secure memory in AArch32    |
56|           | state                                                            |
57+-----------+------------------------------------------------------------------+
58|  |TFV-5|  | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
59|           | world timing information                                         |
60+-----------+------------------------------------------------------------------+
61|  |TFV-6|  | Trusted Firmware-A exposure to speculative processor             |
62|           | vulnerabilities using cache timing side-channels                 |
63+-----------+------------------------------------------------------------------+
64|  |TFV-7|  | Trusted Firmware-A exposure to cache speculation vulnerability   |
65|           | Variant 4                                                        |
66+-----------+------------------------------------------------------------------+
67|  |TFV-8|  | Not saving x0 to x3 registers can leak information from one      |
68|           | Normal World SMC client to another                               |
69+-----------+------------------------------------------------------------------+
70|  |TFV-9|  | Trusted Firmware-A exposure to speculative processor             |
71|           | vulnerabilities with branch prediction target reuse              |
72+-----------+------------------------------------------------------------------+
73|  |TFV-10| | Incorrect validation of X.509 certificate extensions can result  |
74|           | in an out-of-bounds read                                         |
75+-----------+------------------------------------------------------------------+
76|  |TFV-11| |  A Malformed SDEI SMC can cause out of bound memory read         |
77+-----------+------------------------------------------------------------------+
78
79.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
80.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
81
82.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
83.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
84.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
85.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
86.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
87.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
88.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
89.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
90.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
91.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
92.. |TFV-11| replace:: :ref:`Advisory TFV-11 (CVE-2023-49100)`
93
94.. _TrustedFirmware.org security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/
95
96--------------
97
98*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
99