recently, we are fixing the vulnerability CVE-2022-23960 of TF-A, and we notice that relevant patches are uploaded Continuously. So, I just wonder if where is a advisory when the vulnerability is absolutely fixed.
Thanks a lot.
Reference implementations of mitigations in TF-A for vulnerabilities in various CPU's were initially made available for public review in Gerrit. These have now after the opportunity for feedback been merged into the mainline branch.
We are following this up internally. Could you please let us know what revision of Helios you have and whether you run linux? (Linux doesn't work around any Helios errata currently)