From 2979fc288b1634fae9b007f4d9b724659fa74fe1 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 16 May 2024 12:19:59 +0530 Subject: [PATCH 1/3] docs: add page to summarize the security vulnerabilities and advisories --- docs/en/security/index.rst | 1 + docs/en/security/vulnerabilities.rst | 164 ++++++++++++++++++++++++ docs/zh_CN/security/index.rst | 1 + docs/zh_CN/security/vulnerabilities.rst | 1 + 4 files changed, 167 insertions(+) create mode 100644 docs/en/security/vulnerabilities.rst create mode 100644 docs/zh_CN/security/vulnerabilities.rst diff --git a/docs/en/security/index.rst b/docs/en/security/index.rst index 3ba822ba93..24bc9e7698 100644 --- a/docs/en/security/index.rst +++ b/docs/en/security/index.rst @@ -11,3 +11,4 @@ Security Guides :esp32: secure-boot-v1 secure-boot-v2 host-based-security-workflows + vulnerabilities diff --git a/docs/en/security/vulnerabilities.rst b/docs/en/security/vulnerabilities.rst new file mode 100644 index 0000000000..32a188891c --- /dev/null +++ b/docs/en/security/vulnerabilities.rst 
@@ -0,0 +1,164 @@ +Vulnerabilities +=============== + +This page briefly lists all of the vulnerabilities that are discovered and fixed in each release. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved. + + +.. note:: + Please refer to ``latest`` version of this documentation guide for up-to-date information. + +CVE-2024 +-------- + +CVE-2024-28183 +~~~~~~~~~~~~~~ + +Bootloader TOCTOU Vulnerability in Anti-rollback Scheme + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-22x6-3756-pfp8`_ + + +CVE-2023 +-------- + +CVE-2023-35818 +~~~~~~~~~~~~~~ + +Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI + +* Espressif Advisory: `AR2023-005`_ +* Impact: Applicable for ESP32 Chip Revision v3.0/v3.1 +* Resolution: Please see advisory for details + + +CVE-2023-24023 +~~~~~~~~~~~~~~ + +Security Advisory Concerning the Bluetooth BLUFFS Vulnerability + +* Espressif Advisory: `AR2023-010`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2022 +-------- + +CVE-2022-24893 +~~~~~~~~~~~~~~ + +Espressif Bluetooth Mesh Stack Vulnerability + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-7f7f-jj2q-28wm`_ + + +CVE-2021 +-------- + +CVE-2021-32020 +~~~~~~~~~~~~~~ + +Insufficient bounds checking during management of heap memory in FreeRTOS + +* Impact: ESP-IDF uses its own heap allocator and hence not applicable +* Resolution: NA + +CVE-2021-43997 +~~~~~~~~~~~~~~ + +Privilege escalation issue in FreeRTOS ARMv7-M and ARMv8-M MPU ports + +* Impact: Not applicable for Espressif chips +* Resolution: NA + +CVE-2021-3420 +~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* 
Espressif Advisory: `AR2021-005`_ +* Impact: Not applicable for ESP-IDF +* Resolution: NA + +CVE-2021-31571 +~~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* Espressif Advisory: `AR2021-005`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2021-31572 +~~~~~~~~~~~~~~ + +Security Advisory on "BadAlloc" Vulnerabilities + +* Espressif Advisory: `AR2021-005`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2021-28139 +~~~~~~~~~~~~~~ + +Security Advisory for Bluetooth Vulnerability + +* Covers additional CVEs: CVE-2020-10135, CVE-2020-13595, CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560, CVE-2021-28135, CVE-2021-28136 +* Espressif Advisory: `AR2021-004`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + + +CVE-2020 +-------- + +CVE-2020-22283 +~~~~~~~~~~~~~~ + +Buffer overflow vulnerability in lwIP stack + +* Espressif Advisory: NA +* Impact: Applicable for ESP-IDF +* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1 + +CVE-2020-22284 +~~~~~~~~~~~~~~ + +Buffer overflow vulnerability in lwIP stack + +* Espressif Advisory: NA +* Impact: Applicable for ESP-IDF +* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1 + +CVE-2020-26142 +~~~~~~~~~~~~~~ + +Security Advisory for WLAN FragAttacks + +* Espressif Advisory: `AR2023-008`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + +CVE-2020-12638 +~~~~~~~~~~~~~~ + +Security Advisory Concerning Wi-Fi Authentication Bypass + +* Espressif Advisory: `AR2020-002`_ +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details + + +.. _`AR2020-002`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2020-002%20Security%20Advisory%20Concerning%20Wi-Fi%20Authentication%20Bypass%20V1.1%20EN.pdf +.. 
_`AR2021-004`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf +.. _`AR2021-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-005%20Security%20Advisory%20on%20BadAlloc%20Vulnerabilities.pdf +.. _`AR2023-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf +.. _`AR2023-008`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-008%20Security%20Advisory%20for%20WLAN%20FragAttacks%20v1.1%20EN_0.pdf +.. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf +.. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8 +.. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm diff --git a/docs/zh_CN/security/index.rst b/docs/zh_CN/security/index.rst index 57e6dda5c7..6c36bf941a 100644 --- a/docs/zh_CN/security/index.rst +++ b/docs/zh_CN/security/index.rst @@ -11,3 +11,4 @@ :esp32: secure-boot-v1 secure-boot-v2 host-based-security-workflows + vulnerabilities diff --git a/docs/zh_CN/security/vulnerabilities.rst b/docs/zh_CN/security/vulnerabilities.rst new file mode 100644 index 0000000000..a63494ff42 --- /dev/null +++ b/docs/zh_CN/security/vulnerabilities.rst @@ -0,0 +1 @@ +.. include:: ../../en/security/vulnerabilities.rst From 1f5abb42bc817e28f0407865d002cc0d89a172e2 Mon Sep 17 00:00:00 2001 From: zhangyanjiao Date: Wed, 11 Dec 2024 17:56:01 +0800 Subject: [PATCH 2/3] fix(wifi): Added CVE-2024-53845 to vulnerabilities list --- docs/en/security/vulnerabilities.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
diff --git a/docs/en/security/vulnerabilities.rst b/docs/en/security/vulnerabilities.rst index 32a188891c..5a4bf1898c 100644 --- a/docs/en/security/vulnerabilities.rst +++ b/docs/en/security/vulnerabilities.rst @@ -10,6 +10,17 @@ This page briefly lists all of the vulnerabilities that are discovered and fixed CVE-2024 -------- +CVE-2024-53845 +~~~~~~~~~~~~~~ + +AES/CBC Constant IV Vulnerability in ESPTouch v2 + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-wm57-466g-mhrr`_ + + CVE-2024-28183 ~~~~~~~~~~~~~~ @@ -162,3 +173,4 @@ Security Advisory Concerning Wi-Fi Authentication Bypass .. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf .. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8 .. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm +.. _`GHSA-wm57-466g-mhrr` : https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr From 240e9810c9b9d2d9e05ea4a40db609de9a3a62f7 Mon Sep 17 00:00:00 2001 From: zhangyanjiao Date: Thu, 12 Jun 2025 15:51:21 +0800 Subject: [PATCH 3/3] fix(wifi): Added CVE-2025-52471 to vulnerabilities list --- docs/en/security/vulnerabilities.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/en/security/vulnerabilities.rst b/docs/en/security/vulnerabilities.rst index 5a4bf1898c..9a44a488e8 100644 --- a/docs/en/security/vulnerabilities.rst +++ b/docs/en/security/vulnerabilities.rst 
@@ -7,6 +7,20 @@ This page briefly lists all of the vulnerabilities that are discovered and fixed .. note:: Please refer to ``latest`` version of this documentation guide for up-to-date information. +CVE-2025 +-------- + +CVE-2025-52471 +~~~~~~~~~~~~~~ + +ESP-NOW Integer Underflow Vulnerability Advisory + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-hqhh-cp47-fv5g`_ + + CVE-2024 -------- @@ -174,3 +188,4 @@ Security Advisory Concerning Wi-Fi Authentication Bypass .. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8 .. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm .. _`GHSA-wm57-466g-mhrr` : https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr +.. _`GHSA-hqhh-cp47-fv5g` : https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g
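Review bot: on the `docs/en/security/index.rst` hunk in patch 1/3, the new `vulnerabilities` toctree entry is added without the `:esp32:` prefix that gates `secure-boot-v1`, so the page is built for every target; that is the right choice for a chip-independent list, and the `docs/zh_CN/security/index.rst` hunk mirrors it exactly, so nothing to change here.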
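Review bot: in the new `docs/en/security/vulnerabilities.rst` hunk of patch 1/3, the opening paragraph is hard to parse ("the information on this page may reflect once the desired resolution has been achieved"); suggest "for ongoing issues or issues under an embargo period, entries are added to this page only after a resolution has been published". The `.. note::` body is also missing an article ("refer to the ``latest`` version"). More substantively, the intro promises the vulnerabilities "discovered and fixed in each release", yet every entry except the two lwIP ones gives "Resolution: Please see advisory for details"; a reader triaging an installed ESP-IDF version needs the first fixed release on this page, in the form the lwIP entries already use (`Fix cherry-picked and available in ESP-IDF >= v4.4.1`), so consider stating it for each applicable entry. For those two lwIP entries, "Espressif Advisory: NA" leaves the "cherry-picked" claim with nothing to check against; a pointer to the fix commit or the upstream lwIP reference would close that gap. Finally, the GHSA hyperlink targets are written with a space before the colon (``.. _`GHSA-22x6-3756-pfp8` : https://...``) while the AR targets use ``.. _`AR2020-002`: https://...``; pick the no-space form for all of them so the target definitions are consistent.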
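Review bot: the `docs/zh_CN/security/vulnerabilities.rst` hunk in patch 1/3 is a bare `.. include:: ../../en/security/vulnerabilities.rst`, so Chinese readers silently get the English page; if that is the accepted interim convention for untranslated pages in this docs tree it is fine, but a translation TODO in the commit or a tracking issue would keep it from being forgotten, since the English file will keep growing with every new CVE entry.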
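Review bot: in the `@@ -10,6 +10,17 @@` hunk of patch 2/3, the new CVE-2024-53845 entry is placed ahead of CVE-2024-28183, which keeps the newest-first order of the CVE-2024 section, and the reference `GHSA-wm57-466g-mhrr`_ has a matching target in the second hunk, so it will resolve. Two points: the entry repeats "Resolution: Please see advisory for details", so the first fixed ESP-IDF version is again not on the page, and the commit subject uses `fix(wifi):` for a docs-only change where patch 1/3 used the `docs:` type, which matters if release notes are generated from commit types.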
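Review bot: in the `@@ -7,6 +7,20 @@` hunk of patch 3/3, the new `CVE-2025` section starts on an unindented line after a single blank line following the `.. note::` body, which is enough for docutils to close the directive, and putting the new year section above CVE-2024 keeps the descending order; the entry's `GHSA-hqhh-cp47-fv5g`_ reference has its target added in the second hunk. As with patch 2/3, the fixed ESP-IDF version is not stated on the page, and the `fix(wifi):` commit type is used for a documentation-only diff.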