N/A

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.

N/A

N/A

Linaro Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M（Tf-M）是英国Linaro公司的一个平台安全架构 (Psa) 物联网安全框架的参考实现。 Trusted Firmware-M TF-Mv1.8.0及之前版本存在安全漏洞，该漏洞源于验证身份标记期间的缓冲区存在安全漏洞，导致未经身份验证的有效载荷被标识为真实载荷。

N/A

N/A