renesas / fsp

Flexible Software Package (FSP) for Renesas RA MCU Family
https://renesas.github.io/fsp/

Notice regarding Arm TrustZone CVE-2024-0151 #354

Open renesas-austin-hansen opened 1 month ago

renesas-austin-hansen commented 1 month ago

Overview

Arm has issued a Security Bulletin regarding a potential software issue regarding zero- and sign-extension on arguments to and return values from guard functions. When code is built with the affected compilers, if the non-secure side is compromised, it may be possible for an attacker to maliciously alter CPU registers to provide an out-of-range or otherwise unexpected invalid value to a secure gateway function that could crash or compromise the entire application.

For detailed information, please refer to the official Arm CVE-2024-0151 document.

Affected Toolchains

The following FSP-compatible toolchains are affected:

| Toolchain | Affected Versions | Fixed Versions |
| --- | --- | --- |
| Arm Compiler for Embedded (AC6) | Up to 6.21 | 6.22+ |
| Arm GNU Toolchain (GCC) | All versions | TBD |
| clang (LLVM) | All versions | TBD |
| IAR Compiler | Up to 9.50.3 | 9.50.4+ |

Mitigation

If a compiler update or associated FSP version is not available, please consider the following information.

Guard functions generated by FSP only automatically provide checks to ensure pointers are within the non-secure partitioned area. If parameter checking is enabled for the associated code in the secure application, then some additional verification will be performed. These parameter checks may not be comprehensive enough to fully mitigate the issues in this CVE, particularly with regard to boundary checking of enumerations, which is not a requirement in FSP. Users should confirm any existing parameter checking is acceptable and/or add additional checking as deemed necessary within the guard functions.

FSP does not call non-secure code with a return value from the secure application. Users should continue to carefully check return values from non-secure functions in their own code if invalid values could compromise secure data.
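
One way to add the extra checking described under Mitigation, shown as an added example that is not FSP-generated code and not part of the original notice: the guard takes each narrow argument as the full 32-bit register value, range-checks it, and only then narrows it. All `ex_`/`EX_` names and the `EXAMPLE_NS_ENTRY` macro are hypothetical, and the choice of `uint32_t` parameters is an assumption of this sketch rather than an FSP requirement.

```c
#include <stdint.h>

/* Secure gateway attribute on a CMSE secure build; empty on a host build. */
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
#define EXAMPLE_NS_ENTRY __attribute__((cmse_nonsecure_entry))
#else
#define EXAMPLE_NS_ENTRY
#endif

/* Hypothetical secure-side driver API (not an FSP function). */
typedef enum { EX_MODE_OFF = 0, EX_MODE_LOW = 1, EX_MODE_HIGH = 2 } ex_mode_t;

#define EX_NUM_CHANNELS 4U
#define EX_OK           0
#define EX_ERR_ARG      (-1)

static ex_mode_t g_channel_mode[EX_NUM_CHANNELS];

/* Secure implementation: trusts its caller and performs no checks. */
static int ex_secure_set_mode(uint8_t channel, ex_mode_t mode)
{
    g_channel_mode[channel] = mode;
    return EX_OK;
}

/* Guard function. Declaring the parameters as uint32_t means no zero- or
 * sign-extension is assumed: every bit of each register set by the
 * non-secure caller is part of the value that gets checked. */
EXAMPLE_NS_ENTRY int ex_set_mode_guard(uint32_t channel_raw, uint32_t mode_raw)
{
    if (channel_raw >= EX_NUM_CHANNELS)      /* index bounds, full 32 bits */
    {
        return EX_ERR_ARG;
    }
    if (mode_raw > (uint32_t) EX_MODE_HIGH)  /* enumeration boundary check */
    {
        return EX_ERR_ARG;
    }
    /* Narrow only after validation. */
    return ex_secure_set_mode((uint8_t) channel_raw, (ex_mode_t) mode_raw);
}

/* Read-back helper so the effect of the guard can be observed. */
ex_mode_t ex_get_mode(uint32_t channel)
{
    return g_channel_mode[channel % EX_NUM_CHANNELS];
}
```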