diff --git a/docs/security_advisories/security-advisory-tfv-1.rst b/docs/security_advisories/security-advisory-tfv-1.rst index 23b1c98..e3d1984 100644 --- a/docs/security_advisories/security-advisory-tfv-1.rst +++ b/docs/security_advisories/security-advisory-tfv-1.rst @@ -2,7 +2,7 @@ | Title | Malformed Firmware Update SMC can result in copy of | | | unexpectedly large data into secure memory | +================+=============================================================+ -| CVE ID | CVE-2016-10319 | +| CVE ID | `CVE-2016-10319`_ | +----------------+-------------------------------------------------------------+ | Date | 18 Oct 2016 | +----------------+-------------------------------------------------------------+ @@ -154,5 +154,6 @@ return success. Platforms that copy this insecure pattern will have the same vulnerability. +.. _CVE-2016-10319: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10319 .. _48bfb88: https://github.com/ARM-software/arm-trusted-firmware/commit/48bfb88 .. _Pull Request #783: https://github.com/ARM-software/arm-trusted-firmware/pull/783 diff --git a/docs/security_advisories/security-advisory-tfv-2.rst b/docs/security_advisories/security-advisory-tfv-2.rst index 1c3a28f..db47458 100644 --- a/docs/security_advisories/security-advisory-tfv-2.rst +++ b/docs/security_advisories/security-advisory-tfv-2.rst @@ -2,7 +2,7 @@ | Title | Enabled secure self-hosted invasive debug interface can | | | allow normal world to panic secure world | +================+=============================================================+ -| CVE ID | CVE-2017-7564 | +| CVE ID | `CVE-2017-7564`_ | +----------------+-------------------------------------------------------------+ | Date | 02 Feb 2017 | +----------------+-------------------------------------------------------------+ 
@@ -51,6 +51,7 @@ macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to ``10`` instead of ``00`` +.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564 .. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3 .. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85 .. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41 diff --git a/docs/security_advisories/security-advisory-tfv-3.rst b/docs/security_advisories/security-advisory-tfv-3.rst index 4241573..28e10bf 100644 --- a/docs/security_advisories/security-advisory-tfv-3.rst +++ b/docs/security_advisories/security-advisory-tfv-3.rst @@ -1,7 +1,7 @@ +----------------+-------------------------------------------------------------+ | Title | RO memory is always executable at AArch64 Secure EL1 | +================+=============================================================+ -| CVE ID | CVE-2017-7563 | +| CVE ID | `CVE-2017-7563`_ | +----------------+-------------------------------------------------------------+ | Date | 06 Apr 2017 | +----------------+-------------------------------------------------------------+ @@ -78,5 +78,6 @@ mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF`` bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``. +.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563 .. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662 .. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924 diff --git a/docs/security_advisories/security-advisory-tfv-4.rst b/docs/security_advisories/security-advisory-tfv-4.rst index 9f304c6..386d0da 100644 --- a/docs/security_advisories/security-advisory-tfv-4.rst 
+++ b/docs/security_advisories/security-advisory-tfv-4.rst @@ -3,7 +3,7 @@ | | authentication of unexpected data in secure memory in | | | AArch32 state | +================+=============================================================+ -| CVE ID | CVE-2017-9607 | +| CVE ID | `CVE-2017-9607`_ | +----------------+-------------------------------------------------------------+ | Date | 20 Jun 2017 | +----------------+-------------------------------------------------------------+ @@ -114,6 +114,7 @@ the ``TRUSTED_BOARD_BOOT`` and ``ARCH=aarch32`` build options. Other platforms may also be affected if they fulfil the above conditions. +.. _CVE-2017-9607: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9607 .. _commit c396b73: https://github.com/ARM-software/arm-trusted-firmware/commit/c396b73 .. _Pull Request #678: https://github.com/ARM-software/arm-trusted-firmware/pull/678 .. _Pull Request #939: https://github.com/ARM-software/arm-trusted-firmware/pull/939 diff --git a/docs/security_advisories/security-advisory-tfv-5.rst b/docs/security_advisories/security-advisory-tfv-5.rst index 6525645..4479bf0 100644 --- a/docs/security_advisories/security-advisory-tfv-5.rst +++ b/docs/security_advisories/security-advisory-tfv-5.rst @@ -2,7 +2,7 @@ | Title | Not initializing or saving/restoring ``PMCR_EL0`` can leak | | | secure world timing information | +================+=============================================================+ -| CVE ID | CVE-2017-15031 | +| CVE ID | `CVE-2017-15031`_ | +----------------+-------------------------------------------------------------+ | Date | 02 Oct 2017 | +----------------+-------------------------------------------------------------+ 
@@ -39,4 +39,5 @@ The same issue exists for the equivalent AArch32 register, ``PMCR``, except that here ``PMCR_EL0.DP`` architecturally resets to zero. +.. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031 .. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127 diff --git a/docs/security_advisories/security-advisory-tfv-8.rst b/docs/security_advisories/security-advisory-tfv-8.rst index d04c575..eacdc7b 100644 --- a/docs/security_advisories/security-advisory-tfv-8.rst +++ b/docs/security_advisories/security-advisory-tfv-8.rst @@ -2,7 +2,7 @@ | Title | Not saving x0 to x3 registers can leak information from one | | | Normal World SMC client to another | +================+=============================================================+ -| CVE ID | CVE-2018-19440 | +| CVE ID | `CVE-2018-19440`_ | +----------------+-------------------------------------------------------------+ | Date | 27 Nov 2018 | +----------------+-------------------------------------------------------------+ @@ -94,6 +94,7 @@ /* Save r0 - r12 in the SMC context */ stm sp, {r0-r12} +.. _CVE-2018-19440: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19440 .. _commit c385955: https://github.com/ARM-software/arm-trusted-firmware/commit/c385955 .. _SMC Calling Convention: http://arminfo.emea.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf .. _Pull Request #1710: https://github.com/ARM-software/arm-trusted-firmware/pull/1710
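Review bot: In the CVE ID table row changed at the top of each advisory file, the cell text grows by three characters (for example CVE-2016-10319 becomes `CVE-2016-10319`_), so the trailing padding before the closing | has to shrink by three for the row to stay aligned with the +----+ border lines. A grid table with a misaligned row fails to parse in docutils, so please confirm with a docs build that all six tables still render.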
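Review bot: The six added link targets (.. _CVE-2016-10319: through .. _CVE-2018-19440:) use http://cve.mitre.org/..., while the commit and pull-request targets directly below them use https. Suggest the https:// form of the same cvename.cgi URL so that links followed from a security advisory are not fetched over plaintext HTTP.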
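Review bot: In the last hunk of security-advisory-tfv-8.rst, the context line for the SMC Calling Convention target points at arminfo.emea.arm.com over http, which looks like an internal host rather than a public documentation site. Since this patch already touches that link block, consider pointing it at the public location of ARM DEN0028B in the same change or in a follow-up.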
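Review bot: The file list goes from security-advisory-tfv-5.rst straight to security-advisory-tfv-8.rst, so tfv-6 and tfv-7 are left untouched. If those advisories carry a CVE ID row in the same table, they should get the same link treatment here, or the commit message should say why they are excluded.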