TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / e0cb13fdda3f6d8d387a28b77da0fe7d2f0b7449^! / .
commite0cb13fdda3f6d8d387a28b77da0fe7d2f0b7449[log] [tgz]
authorGovindraj Raja <govindraj.raja@arm.com>Mon Jul 07 14:22:27 2025 -0500
committerGovindraj Raja <govindraj.raja@arm.com>Mon Jul 14 12:25:41 2025 -0500
treef27444a096f825dfba12c2412f110a51483d8258
parent9cc15390326dbd3a3d4e89299643e1d5b08958f6 [diff]
docs(security): security advisory for CVE-2024-5660

Add CVE-2024-5660 security advisory document.

Change-Id: I0d0428061f60b6fe83d03362b27b960f6ddcc6f4
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

diff --git a/docs/security_advisories/index.rst b/docs/security_advisories/index.rst
index ad55546..0ab73bc 100644
--- a/docs/security_advisories/index.rst
+++ b/docs/security_advisories/index.rst

@@ -16,3 +16,4 @@
    security-advisory-tfv-9.rst
    security-advisory-tfv-10.rst
    security-advisory-tfv-11.rst
+   security-advisory-tfv-12.rst

diff --git a/docs/security_advisories/security-advisory-tfv-12.rst b/docs/security_advisories/security-advisory-tfv-12.rst
new file mode 100644
index 0000000..48d2cb8
--- /dev/null
+++ b/docs/security_advisories/security-advisory-tfv-12.rst

@@ -0,0 +1,86 @@
+Advisory TFV-12 (CVE-2024-5660)
+================================
+
++----------------+--------------------------------------------------------------+
+| Title          | When Hardware Page Aggregation (HPA) is enabled memory       |
+|                | accesses may be translated incorrectly.                      |
++================+==============================================================+
+| CVE ID         | `CVE-2024-5660`_                                             |
++----------------+--------------------------------------------------------------+
+| Date           | Reported on 26 Jan 2024                                      |
++----------------+--------------------------------------------------------------+
+| Versions       | TF-A version from v2.2 to v2.12                              |
+| Affected       | LTS releases lts-v2.8.0 to lts-v2.8.26                       |
+|                | LTS releases lts-v2.10.0 to lts-v2.10.10                     |
++----------------+--------------------------------------------------------------+
+| Configurations | Arm CPUs with Hardware Page Aggregation (HPA) running in     |
+| Affected       | environments where a modified, untrusted guest OS may        |
+|                | operate, especially with specific hypervisors.               |
++----------------+--------------------------------------------------------------+
+| Impact         | Potential for a compromised guest OS to attack the host via  |
+|                | HPA mechanism, resulting in possible information disclosure. |
++----------------+--------------------------------------------------------------+
+| Fix Version    | `Gerrit-Patches`_                                            |
++----------------+--------------------------------------------------------------+
+| Credit         | Arm                                                          |
++----------------+--------------------------------------------------------------+
+
+Description
+-----------
+
+A vulnerability has been identified in certain Arm CPUs implementing the
+Hardware Page Aggregation (HPA) feature. In environments utilizing virtualization,
+a specially crafted or compromised guest operating system could exploit this
+vulnerability to affect the host system. This could potentially lead to information
+disclosure depending on the deployment scenario and hypervisor configuration.
+
+The below table lists the CPUs that mitigate against this vulnerability in TF-A.
+
++---------------+
+| **Core**      |
++---------------+
+| Cortex-A77    |
++---------------+
+| Cortex-A78    |
++---------------+
+| Cortex-A78C   |
++---------------+
+| Cortex-A78AE  |
++---------------+
+| Cortex-A710   |
++---------------+
+| Cortex-X1     |
++---------------+
+| Cortex-X2     |
++---------------+
+| Cortex-X3     |
++---------------+
+| Cortex-X4     |
++---------------+
+| Cortex-X925   |
++---------------+
+| Neoverse-V1   |
++---------------+
+| Neoverse-V2   |
++---------------+
+| Neoverse-V3   |
++---------------+
+| Neoverse-N2   |
++---------------+
+
+Mitigation and Recommendations
+------------------------------
+
+Arm recommends following the mitigation steps and configuration changes described in the
+official advisory. The issue is avoided by setting CPUECTLR_EL1[46] to 1 which will
+disable hardware page aggregation.
+
+Users should refer to the latest firmware updates as provided by vendors
+and ensure that HPA-related security mitigations are enabled where applicable.
+
+For further technical information, affected CPUs, and detailed guidance, refer to the
+full `Official Arm Advisory`_.
+
+.. _CVE-2024-5660: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5660
+.. _Gerrit-Patches: https://review.trustedfirmware.org/q/topic:%22sm/fix_erratum%22
+.. _Official Arm Advisory: https://developer.arm.com/documentation/110324/latest