Core: Fix possible integer overflow in tfm_svcall_psa_call(...)
Open, High, Public

Description

Fix possible integer overflow found during TF-M LVL2 certification.

The following operation could overflow as in_num and out_num are controlled by the non-secure code (secure_fw\core\ipc\tfm_svcalls.c:tfm_svcall_psa_call):

if (in_num + out_num > PSA_MAX_IOVEC) {
    tfm_panic();
}

A large value for in_num or out_num could overflow the addition, and pass the above check.
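
The wraparound described above, next to a check that cannot wrap, as an added example that is not TF-M code or the project's fix. It assumes PSA_MAX_IOVEC is 4 and models in_num and out_num as 32-bit unsigned values; the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value for illustration; the report does not state it. */
#define PSA_MAX_IOVEC 4u

/* The check as quoted in the report. Returns true where the original
 * would call tfm_panic(). uint32_t models a 32-bit unsigned count
 * (assumption), so the addition wraps modulo 2^32. */
static bool reported_check_rejects(uint32_t in_num, uint32_t out_num)
{
    return (uint32_t)(in_num + out_num) > PSA_MAX_IOVEC;
}

/* Hardened form: bound in_num first, then compare out_num against the
 * remaining budget. The subtraction cannot underflow because in_num is
 * already known to be <= PSA_MAX_IOVEC. */
static bool hardened_check_rejects(uint32_t in_num, uint32_t out_num)
{
    if (in_num > PSA_MAX_IOVEC) {
        return true;
    }
    return out_num > PSA_MAX_IOVEC - in_num;
}

int main(void)
{
    /* Constructed inputs: two legitimate pairs, one over the limit,
     * and two where the sum wraps past UINT32_MAX. */
    static const uint32_t cases[][2] = {
        {2u, 2u}, {4u, 0u}, {3u, 2u},
        {0xFFFFFFFFu, 2u}, {2u, 0xFFFFFFFFu},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t in = cases[i][0], out = cases[i][1];
        printf("in_num=%#x out_num=%#x reported=%s hardened=%s\n",
               (unsigned)in, (unsigned)out,
               reported_check_rejects(in, out) ? "reject" : "accept",
               hardened_check_rejects(in, out) ? "reject" : "accept");
    }
    return 0;
}
```

The last two rows print "accept" for the reported check and "reject" for the hardened one; the first three rows agree.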

ronald-cron-arm triaged this task as High priority.
ronald-cron-arm created this object with edit policy "Subscribers".