TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / b1f8b71ca8d94b2965b59ba5257cfeb59fea8562^! / .
commitb1f8b71ca8d94b2965b59ba5257cfeb59fea8562[log] [tgz]
authorArvind Ram Prakash <arvind.ramprakash@arm.com>Fri Jul 11 10:22:00 2025 -0500
committerArvind Ram Prakash <arvind.ramprakash@arm.com>Wed Jul 23 16:26:54 2025 -0500
tree159e3ea9662a6aa82bacb6825fbd2037af274231
parent67c23966aee63b96ac19490b51e9a1049f4d6e92 [diff]
docs(security): security advisory for CVE-2024-7881

Add CVE-2024-7881 security advisory document.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ide976bc8754dc94d23e76001aaecf52556e7039a

diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst
index 0ab73bc..a6fed96 100644
--- a/docs/security_advisories/index.rst
+++ b/docs/security_advisories/index.rst

@@ -17,3 +17,4 @@
    security-advisory-tfv-10.rst
    security-advisory-tfv-11.rst
    security-advisory-tfv-12.rst
+   security-advisory-tfv-13.rst

diff --git a/docs/security_advisories/security-advisory-tfv-13.rst b/docs/security_advisories/security-advisory-tfv-13.rst
new file mode 100644
index 0000000..929e9b8
--- /dev/null
+++ b/docs/security_advisories/security-advisory-tfv-13.rst

@@ -0,0 +1,82 @@
+Advisory TFV-13 (CVE-2024-7881)
+================================
+
++----------------+-----------------------------------------------------------------+
+| Title          | An unprivileged context can trigger a data memory-dependent     |
+|                | prefetch engine to fetch the contents of a privileged location  |
+|                | and consume those contents as an address that is                |
+|                | also dereferenced.                                              |
+|                |                                                                 |
++================+=================================================================+
+| CVE ID         | `CVE-2024-7881`_                                                |
++----------------+-----------------------------------------------------------------+
+| Date           | Reported on 16 August 2024                                      |
++----------------+-----------------------------------------------------------------+
+| Versions       | TF-A version from v2.2 to v2.12                                 |
+| Affected       | LTS releases lts-v2.8.0 to lts-v2.8.28                          |
+|                | LTS releases lts-v2.10.0 to lts-v2.10.12                        |
++----------------+-----------------------------------------------------------------+
+| Configurations | All                                                             |
+| Affected       |                                                                 |
++----------------+-----------------------------------------------------------------+
+| Impact         | Potential leakage of secure world data to normal world.         |
++----------------+-----------------------------------------------------------------+
+| Fix Version    | `Gerrit topic #ar/smccc_arch_wa_4`_                             |
+|                | Also see mitigation guidance in the `Official Arm Advisory`_    |
++----------------+-----------------------------------------------------------------+
+| Credit         | Arm                                                             |
++----------------+-----------------------------------------------------------------+
+
+Description
+-----------
+
+An issue has been identified in some Arm-based CPUs that may allow
+an unprivileged context to trigger a data memory-dependent prefetch engine
+to fetch the contents of a privileged location (for which it
+does not have read permission) and consume those contents as an address
+that is also dereferenced.
+
+The below table lists all the CPUs impacted by this vulnerability and have
+mitigation in TF-A.
+
++----------------------+
+| Core                 |
++----------------------+
+| Cortex-X3            |
++----------------------+
+| Cortex-X4            |
++----------------------+
+| Cortex-X925          |
++----------------------+
+| Neoverse-V2          |
++----------------------+
+| Neoverse-V3          |
++----------------------+
+| Neoverse-V3AE        |
++----------------------+
+
+Mitigation and Recommendations
+------------------------------
+
+Arm recommends following the mitigation steps and configuration changes
+described in the official advisory. The mitigation for CVE-2024-7881 is
+implemented at EL3 and addresses vulnerabilities caused by memory-dependant
+speculative prefetching. This issue is avoided by setting CPUACTLR6_EL1[41]
+to 1, this disables the affected prefetcher.
+
+Arm has updated the SMC Calling Convention spec so that privileged normal world
+software can identify when the issue has been mitigated in
+firmware (SMCCC_ARCH_WORKAROUND_4). Refer to the `SMC Calling Convention
+Specification`_ for more details.
+
+The above workaround is enabled by default (on vulnerable CPUs only).
+Platforms can choose to disable them at compile time if
+they do not require them.
+
+For further technical information, affected CPUs, and detailed guidance,
+refer to the full `Official Arm Advisory`_.
+
+.. _CVE-2024-7881: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7881
+.. _Gerrit topic #ar/smccc_arch_wa_4: https://review.trustedfirmware.org/q/topic:%22ar/smccc_arch_wa_4%22
+.. _SMC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest
+.. _Official Arm Advisory: https://developer.arm.com/documentation/110326/latest