mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-17 01:54:22 +00:00

Required so that the advisory documents are all valid RST files (with a header) and that they all integrate into the document tree.

Change-Id: I68ca2b0b9e648e24b460deb772c471a38518da26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
46 lines
2.9 KiB
ReStructuredText

Advisory TFV-5 (CVE-2017-15031)
===============================

+----------------+-------------------------------------------------------------+
| Title          | Not initializing or saving/restoring ``PMCR_EL0`` can leak  |
|                | secure world timing information                             |
+================+=============================================================+
| CVE ID         | `CVE-2017-15031`_                                           |
+----------------+-------------------------------------------------------------+
| Date           | 02 Oct 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All, up to and including v1.4                               |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Leakage of sensitive secure world timing information        |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #1127`_ (merged on 18 October 2017)           |
+----------------+-------------------------------------------------------------+
| Credit         | Arm                                                         |
+----------------+-------------------------------------------------------------+

The ``PMCR_EL0`` (Performance Monitors Control Register) provides details of the
Performance Monitors implementation, including the number of counters
implemented, and configures and controls the counters. If the ``PMCR_EL0.DP``
bit is set to zero, the cycle counter (when enabled) counts during secure world
execution, even when prohibited by the debug signals.

Since Arm TF does not save and restore ``PMCR_EL0`` when switching between the
normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
cause leakage of secure world timing information. This register should be added
to the list of saved/restored registers.

Furthermore, ``PMCR_EL0.DP`` has an architecturally ``UNKNOWN`` reset value.
Since Arm TF does not initialize this register, it's possible that on at least
some implementations, ``PMCR_EL0.DP`` is set to zero by default. This and other
bits with an architecturally ``UNKNOWN`` reset value should be initialized to
sensible default values in the secure context.

The same issue exists for the equivalent AArch32 register, ``PMCR``, except that
here ``PMCR_EL0.DP`` architecturally resets to zero.

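The following is an added illustration, not code from Arm TF or from the pull
request: a host-side C model of the world switch that compares what the normal
world reads from the cycle counter with and without saving/restoring
``PMCR_EL0`` and forcing ``DP`` to one in the secure context. The ``struct cpu``
model, the function names, and the simplifications (counting gated only by
``PMCR_EL0.E``, counting always prohibited in secure state) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* PMCR_EL0 bit positions from the Arm architecture: E = bit 0, DP = bit 5. */
#define PMCR_E   (UINT64_C(1) << 0)
#define PMCR_DP  (UINT64_C(1) << 5)

/* Simulated PE state (assumption: counting is always prohibited when secure). */
struct cpu {
    uint64_t pmcr_el0;   /* one physical register, shared by both worlds */
    uint64_t pmccntr;    /* cycle counter */
    bool secure;
};

/* Advance time: the counter runs unless DP=1 while counting is prohibited. */
static void run_cycles(struct cpu *c, uint64_t n)
{
    bool prohibited = c->secure;
    if ((c->pmcr_el0 & PMCR_E) && !(prohibited && (c->pmcr_el0 & PMCR_DP)))
        c->pmccntr += n;
}

/* Hypothetical world-switch wrapper; 'fixed' enables the save/restore path. */
static void secure_call(struct cpu *c, uint64_t secret_cycles, bool fixed)
{
    uint64_t ns_pmcr = c->pmcr_el0;          /* save the normal world value */
    c->secure = true;
    if (fixed)
        c->pmcr_el0 = ns_pmcr | PMCR_DP;     /* secure context: DP forced to 1 */
    run_cycles(c, secret_cycles);            /* data-dependent secure work */
    c->secure = false;
    if (fixed)
        c->pmcr_el0 = ns_pmcr;               /* restore the normal world value */
}

/* Cycles the normal world observes across one secure call after clearing DP. */
uint64_t observed_secure_cycles(uint64_t secret_cycles, bool fixed)
{
    struct cpu c = { .pmcr_el0 = PMCR_E, .pmccntr = 0, .secure = false };
    uint64_t before = c.pmccntr;             /* normal world reads the counter */
    secure_call(&c, secret_cycles, fixed);
    return c.pmccntr - before;               /* delta visible to normal world */
}
```

Without the save/restore path the observed delta equals the secure world's
execution time; with it the delta is zero regardless of the secure workload.
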
.. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031
.. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127