
Core: Fix possible integer overflow in tfm_svcall_psa_call(...)
Closed, Resolved (Public)

Description

Fix possible integer overflow found during TF-M LVL2 certification.

The following operation could overflow as in_num and out_num are controlled by the non-secure code (secure_fw\core\ipc\tfm_svcalls.c:tfm_svcall_psa_call):

if (in_num + out_num > PSA_MAX_IOVEC) {
    tfm_panic();
}

A large value for in_num or out_num could overflow the addition, and pass the above check.
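The wrapping check described above, next to one overflow-safe way to write it, as an added example (not TF-M code and not the merged patch). The `uint32_t` operand types, the value of `PSA_MAX_IOVEC`, and both function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for illustration; the task does not state its value. */
#define PSA_MAX_IOVEC 4u

/* The check as quoted in the task, returning "accepted" instead of
 * panicking. uint32_t operands are an assumption; the sum wraps
 * modulo 2^32, so a huge count can produce a small total. */
static bool counts_accepted_wrapping(uint32_t in_num, uint32_t out_num)
{
    return !((uint32_t)(in_num + out_num) > PSA_MAX_IOVEC);
}

/* Overflow-safe form: bound in_num first, then compare out_num with
 * the remaining room. PSA_MAX_IOVEC - in_num cannot underflow here. */
static bool counts_accepted_safe(uint32_t in_num, uint32_t out_num)
{
    if (in_num > PSA_MAX_IOVEC) {
        return false;
    }
    return out_num <= PSA_MAX_IOVEC - in_num;
}

int main(void)
{
    /* Constructed inputs: in range, just over, and two wrapping pairs. */
    static const uint32_t cases[][2] = {
        {2u, 2u}, {3u, 2u}, {UINT32_MAX, 2u}, {4u, UINT32_MAX - 1u},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t in = cases[i][0], out = cases[i][1];
        printf("in_num=%lu out_num=%lu wrapping=%d safe=%d\n",
               (unsigned long)in, (unsigned long)out,
               counts_accepted_wrapping(in, out),
               counts_accepted_safe(in, out));
    }
    return 0;
}
```

The two checks agree on the in-range and just-over pairs and disagree only on the wrapping pairs, which the safe form rejects.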

Event Timeline

ronald-cron-arm triaged this task as High priority. Sep 11 2019, 7:01 AM
ronald-cron-arm created this task.
ronald-cron-arm created this object with edit policy "Subscribers".
ronald-cron-arm closed this task as Resolved. Sep 20 2019, 7:37 AM

Patch merged