Issue
When exporting FFDH public keys, psa_export_public_key() does not properly check that the user-supplied output buffer is large enough to hold the exported key. If the caller supplies an undersized buffer, the entire key is still written, overflowing the buffer and causing memory corruption that may allow arbitrary code execution. Affects all versions of Mbed TLS from 3.5.0 through 3.6.5, and TF-PSA-Crypto 1.0.0.
https://nvd.nist.gov/vuln/detail/CVE-2026-34875
Workaround
Update to mbedTLS v3.6.6, TF-PSA-Crypto 1.1.0, or a newer version of either.
FSP v6.5.0 (scheduled for 2026/05/27) includes mbedTLS v3.6.6.
Issue
When exporting FFDH public keys, psa_export_public_key() does not properly check that the user-supplied output buffer is large enough to hold the exported key. If the caller supplies an undersized buffer, the entire key is still written, overflowing the buffer and causing memory corruption that may allow arbitrary code execution. Affects all versions of Mbed TLS from 3.5.0 through 3.6.5, and TF-PSA-Crypto 1.0.0.
https://nvd.nist.gov/vuln/detail/CVE-2026-34875
Workaround
Update to mbedTLS v3.6.6, TF-PSA-Crypto 1.1.0, or a newer version of either.
FSP v6.5.0 (scheduled for 2026/05/27) includes mbedTLS v3.6.6.