From 2a4f227c5cac9dba2e82259a02cd3d4c6944e4f7 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 16 May 2024 12:19:59 +0530 Subject: [PATCH] docs: add page to summarize the security vulnerabilities and advisories --- docs/en/security/index.rst | 6 + docs/en/security/vulnerabilities.rst | 164 ++++++++++++++++++++++++ docs/zh_CN/security/index.rst | 6 + docs/zh_CN/security/vulnerabilities.rst | 1 + 4 files changed, 177 insertions(+) create mode 100644 docs/en/security/vulnerabilities.rst create mode 100644 docs/zh_CN/security/vulnerabilities.rst diff --git a/docs/en/security/index.rst b/docs/en/security/index.rst index 8e15f6a8ce..7f5c1c9dcc 100644 --- a/docs/en/security/index.rst +++ b/docs/en/security/index.rst @@ -26,3 +26,9 @@ Workflows host-based-security-workflows +Vulnerabilities +--------------- +.. toctree:: + :maxdepth: 1 + + vulnerabilities diff --git a/docs/en/security/vulnerabilities.rst b/docs/en/security/vulnerabilities.rst new file mode 100644 index 0000000000..32a188891c --- /dev/null +++ b/docs/en/security/vulnerabilities.rst @@ -0,0 +1,164 @@ +Vulnerabilities +=============== + +This page briefly lists all of the vulnerabilities that are discovered and fixed in each release. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved. + + +.. note:: + Please refer to ``latest`` version of this documentation guide for up-to-date information. + +CVE-2024 +-------- + +CVE-2024-28183 +~~~~~~~~~~~~~~ + +Bootloader TOCTOU Vulnerability in Anti-rollback Scheme + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-22x6-3756-pfp8`_ + + +CVE-2023 +-------- + +CVE-2023-35818 +~~~~~~~~~~~~~~ + +Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI + +* Espressif Advisory: `AR2023-005`_ +* Impact: Applicable for ESP32 Chip Revision v3.0/v3.1 +* Resolution: Please see advisory for details + + +CVE-2023-24023 +~~~~~~~~~~~~~~ + +Security Advisory Concerning the Bluetooth BLUFFS Vulnerability + +* Espressif Advisory: `AR2023-010`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2022 +-------- + +CVE-2022-24893 +~~~~~~~~~~~~~~ + +Espressif Bluetooth Mesh Stack Vulnerability + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-7f7f-jj2q-28wm`_ + + +CVE-2021 +-------- + +CVE-2021-32020 +~~~~~~~~~~~~~~ + +Insufficient bounds checking during management of heap memory in FreeRTOS + +* Impact: ESP-IDF uses its own heap allocator and hence not applicable +* Resolution: NA + +CVE-2021-43997 +~~~~~~~~~~~~~~ + +Privilege escalation issue in FreeRTOS ARMv7-M and ARMv8-M MPU ports + +* Impact: Not applicable for Espressif chips +* Resolution: NA + +CVE-2021-3420 +~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* Espressif Advisory: `AR2021-005`_ +* Impact: Not applicable for ESP-IDF +* Resolution: NA + +CVE-2021-31571 +~~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* Espressif Advisory: `AR2021-005`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2021-31572 +~~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* Espressif Advisory: `AR2021-005`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2021-28139 +~~~~~~~~~~~~~~ + +Security Advisory for Bluetooth Vulnerability + +* Covers additional CVEs: CVE-2020-10135, CVE-2020-13595, CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560, CVE-2021-28135, CVE-2021-28136 +* Espressif Advisory: `AR2021-004`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + + +CVE-2020 +-------- + +CVE-2020-22283 +~~~~~~~~~~~~~~ + +Buffer overflow vulnerability in lwIP stack + +* Espressif Advisory: NA +* Impact: Applicable for ESP-IDF +* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1 + +CVE-2020-22284 +~~~~~~~~~~~~~~ + +Buffer overflow vulnerability in lwIP stack + +* Espressif Advisory: NA +* Impact: Applicable for ESP-IDF +* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1 + +CVE-2020-26142 +~~~~~~~~~~~~~~ + +Security Advisory for WLAN FragAttacks + +* Espressif Advisory: `AR2023-008`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2020-12638 +~~~~~~~~~~~~~~ + +Security Advisory Concerning Wi-Fi Authentication Bypass + +* Espressif Advisory: `AR2020-002`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + + +.. _`AR2020-002`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2020-002%20Security%20Advisory%20Concerning%20Wi-Fi%20Authentication%20Bypass%20V1.1%20EN.pdf +.. _`AR2021-004`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf +.. _`AR2021-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-005%20Security%20Advisory%20on%20BadAlloc%20Vulnerabilities.pdf +.. _`AR2023-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf +.. _`AR2023-008`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-008%20Security%20Advisory%20for%20WLAN%20FragAttacks%20v1.1%20EN_0.pdf +.. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf +.. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8 +.. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm diff --git a/docs/zh_CN/security/index.rst b/docs/zh_CN/security/index.rst index 846dace5d5..8a179acefc 100644 --- a/docs/zh_CN/security/index.rst +++ b/docs/zh_CN/security/index.rst @@ -26,3 +26,9 @@ host-based-security-workflows +漏洞 +--------- +.. toctree:: + :maxdepth: 1 + + vulnerabilities diff --git a/docs/zh_CN/security/vulnerabilities.rst b/docs/zh_CN/security/vulnerabilities.rst new file mode 100644 index 0000000000..a63494ff42 --- /dev/null +++ b/docs/zh_CN/security/vulnerabilities.rst @@ -0,0 +1 @@ +.. include:: ../../en/security/vulnerabilities.rst