Message ID | 20231113133100.2200065-1-ross.burton@arm.com |
---|---|
State | New |
Headers | show |
Series | [1/2] arm/optee: handle CVE-2021-36133 as disputed | expand |
On Mon, 13 Nov 2023 13:30:59 +0000, ross.burton@arm.com wrote: > This CVE is specific to NXP i.MX boards which are documented as being > shipped unsecure, as they're meant for development. > > Applied, thanks! [1/2] arm/optee: handle CVE-2021-36133 as disputed commit: 7fb2707adaa3ef25b48bd58e63b32161f9ba0faf [2/2] arm-bsp/optee-os: backport fix for CVE-2023-41325 commit: 721ed95a23b6e5cbe8a8ed9c0505eb02ff35d85c Best regards,
diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc index 06c67cfb..650f8d0b 100644 --- a/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/recipes-security/optee/optee.inc @@ -31,3 +31,6 @@ EXTRA_OEMAKE += "V=1 \ # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the # right path until this is relocated automatically. export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt. +CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"