diff mbox series

[1/2] arm/optee: handle CVE-2021-36133 as disputed

Message ID 20231113133100.2200065-1-ross.burton@arm.com
State New
Headers show
Series [1/2] arm/optee: handle CVE-2021-36133 as disputed | expand

Commit Message

Ross Burton Nov. 13, 2023, 1:30 p.m. UTC 
From: Ross Burton <ross.burton@arm.com>

This CVE is specific to NXP i.MX boards which are documented as being
shipped unsecure, as they're meant for development.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta-arm/recipes-security/optee/optee.inc | 3 +++
 1 file changed, 3 insertions(+)

Comments

Jon Mason Nov. 13, 2023, 3:46 p.m. UTC | #1 
On Mon, 13 Nov 2023 13:30:59 +0000, ross.burton@arm.com wrote:
> This CVE is specific to NXP i.MX boards which are documented as being
> shipped unsecure, as they're meant for development.
> 
> 

Applied, thanks!

[1/2] arm/optee: handle CVE-2021-36133 as disputed
      commit: 7fb2707adaa3ef25b48bd58e63b32161f9ba0faf
[2/2] arm-bsp/optee-os: backport fix for CVE-2023-41325
      commit: 721ed95a23b6e5cbe8a8ed9c0505eb02ff35d85c

Best regards,
diff mbox series

Patch

diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
index 06c67cfb..650f8d0b 100644
--- a/meta-arm/recipes-security/optee/optee.inc
+++ b/meta-arm/recipes-security/optee/optee.inc
@@ -31,3 +31,6 @@  EXTRA_OEMAKE += "V=1 \
 # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
 # right path until this is relocated automatically.
 export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt.
+CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"