Timeline
Reported: Dec 8, 2025
Acknowledged: Dec 8, 2025
Published: Feb 10, 2026
Summary
FSP versions prior to v6.3.0 contain a buffer overflow vulnerability in the AES-XTS hardware-accelerated encryption/decryption path (rm_psa_crypto/aes_alt_process.c). When encrypting or decrypting data whose length is greater than 32 bytes and not divisible by 16 bytes, the finalization step incorrectly copies the full message length into the output buffer instead of only the final segment. This causes a stack buffer overflow (writing past the caller-provided output buffer), a stack over-read of the 32-byte local_output buffer that copies adjacent stack contents into the output (information disclosure), and potential denial of service or memory corruption.
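As an added illustration, not FSP's code, the following hypothetical C model shows the length arithmetic behind the defect: the buggy path copies total_len bytes out of a 32-byte local buffer, whereas the hardened finalize copies only the ciphertext-stealing tail and bounds-checks it against both the local buffer and the caller's remaining space. All function names and the 45-byte sample message are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define XTS_BLOCK 16U
#define LOCAL_OUTPUT_SIZE 32U  /* the 32-byte local_output named in the advisory */

/* Length of the ciphertext-stealing tail the finalizer must copy out of
 * local_output: for a message longer than 32 bytes with a partial last
 * block, that is one full block plus the partial block (hypothetical model). */
size_t xts_final_segment_len(size_t total_len) {
    size_t rem = total_len % XTS_BLOCK;
    if (total_len < XTS_BLOCK) return total_len; /* XTS needs at least one block */
    return rem == 0U ? XTS_BLOCK : XTS_BLOCK + rem;
}

/* Model of the defect: the copy length is the whole message length. */
size_t buggy_final_copy_len(size_t total_len) { return total_len; }

/* Bytes read past the end of local_output by the buggy copy. */
size_t buggy_over_read(size_t total_len) {
    size_t n = buggy_final_copy_len(total_len);
    return n > LOCAL_OUTPUT_SIZE ? n - LOCAL_OUTPUT_SIZE : 0U;
}

/* Bytes written past a caller buffer of exactly total_len bytes, assuming the
 * earlier full blocks were already written and only the tail remains. */
size_t buggy_overflow(size_t total_len) {
    size_t n = buggy_final_copy_len(total_len);
    size_t remaining = xts_final_segment_len(total_len);
    return n > remaining ? n - remaining : 0U;
}

/* Hardened finalize: copy only the tail, and refuse when it would exceed
 * local_output or the space left in the caller's buffer. */
bool safe_xts_finalize(const uint8_t *local_output, uint8_t *out,
                       size_t out_cap, size_t written, size_t total_len) {
    size_t n = xts_final_segment_len(total_len);
    if (n > LOCAL_OUTPUT_SIZE) return false;
    if (written > out_cap || n > out_cap - written) return false;
    memcpy(out + written, local_output, n);
    return true;
}

/* Constructed driver: a 45-byte message in a 45-byte caller buffer. */
bool demo_safe_finalize(size_t written) {
    uint8_t local_output[LOCAL_OUTPUT_SIZE] = {0}, out[45] = {0};
    return safe_xts_finalize(local_output, out, sizeof out, written, sizeof out);
}
```

For a 45-byte message the tail is 29 bytes, so the buggy copy reads 13 bytes beyond local_output and writes 16 bytes beyond the caller's buffer, matching the two effects the summary describes.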