Page MenuHomePhabricator
Create Task
Maniphest T986

workaround for CVE-2022-23960
Closed, ResolvedPublic
Actions

Description

Hi,
recently, we are fixing the vulnerability CVE-2022-23960 of TF-A, and we notice that relevant patches are uploaded Continuously. So, I just wonder if where is a advisory when the vulnerability is absolutely fixed.
Thanks a lot.

Event Timeline

joannafarley-arm added a subscriber: joannafarley-arm.Mar 21 2022, 8:30 AM

Reference implementations of mitigations in TF-A for vulnerabilities in various CPU's were initially made available for public review in Gerrit. These have now after the opportunity for feedback been merged into the mainline branch.

joannafarley-arm closed this task as Resolved.Mar 21 2022, 8:53 AM
yuezhiran added a comment.Mar 21 2022, 10:02 AM

I notice that relevant patches have been merged into the mainline branch except A65. will it be uploaded recently ?

joannafarley-arm added a comment.EditedMar 21 2022, 4:49 PM

As I understand it from the white paper (v1.6) from developer.arm.com there is research ongoing for the mitigation sequence for the Cortex- A65. Once known I believe TF-A reference mitigation patches will be developed.

soby-mathew added a subscriber: soby-mathew.Mar 28 2022, 2:32 PM

Hi Yuezhiran,
We are following this up internally. Could you please let us know what revision of Helios you have and whether you run linux? (Linux doesn't work around any Helios errata currently)

helendam added a subscriber: helendam.Jan 30 2024, 3:24 AM

I am immensely grateful to the author for sharing their expertise and knowledge through Pokemon Infinite Fusion this extensive article, which has undoubtedly enriched my understanding of the subject matter.