Page MenuHomePhabricator

workaround for CVE-2022-23960
Closed, ResolvedPublic


recently, we are fixing the vulnerability CVE-2022-23960 of TF-A, and we notice that relevant patches are uploaded Continuously. So, I just wonder if where is a advisory when the vulnerability is absolutely fixed.
Thanks a lot.

Event Timeline

Reference implementations of mitigations in TF-A for vulnerabilities in various CPU's were initially made available for public review in Gerrit. These have now after the opportunity for feedback been merged into the mainline branch.

joannafarley-arm closed this task as Resolved.Mar 21 2022, 8:53 AM

I notice that relevant patches have been merged into the mainline branch except A65. will it be uploaded recently ?

joannafarley-arm added a comment.EditedMar 21 2022, 4:49 PM

As I understand it from the white paper (v1.6) from there is research ongoing for the mitigation sequence for the Cortex- A65. Once known I believe TF-A reference mitigation patches will be developed.

Hi Yuezhiran,
We are following this up internally. Could you please let us know what revision of Helios you have and whether you run linux? (Linux doesn't work around any Helios errata currently)