Merge pull request #1191 from davidhorstmann-arm/psa-shared-memory-changelog

Add ChangeLog for PSA buffer sharing fix
2025-04-17 02:43:26 +00:00 · 2024-03-14 16:18:23 +00:00 · 2024-03-14 16:18:23 +00:00 · abbf2c4835
commit abbf2c4835
parent ea08045275 0634168296
1 changed files with 17 additions and 0 deletions
--- a/ChangeLog.d/psa-shared-memory-protection.txt
+++ b/ChangeLog.d/psa-shared-memory-protection.txt
@ -0,0 +1,17 @@
+Security
+   * Passing buffers that are stored in untrusted memory as arguments
+     to PSA functions is now secure by default.
+     The PSA core now protects against modification of inputs or exposure
+     of intermediate outputs during operations. This is currently implemented
+     by copying buffers.
+     This feature increases code size and memory usage. If buffers passed to
+     PSA functions are owned exclusively by the PSA core for the duration of
+     the function call (i.e. no buffer parameters are in shared memory),
+     copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
+     Note that setting this option will cause input-output buffer overlap to
+     be only partially supported (#3266).
+     Fixes CVE-2024-28960
+Bugfix
+   * Fully support arbitrary overlap between inputs and outputs of PSA
+     functions. Note that overlap is still only partially supported when
+     MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).