3.3. Security Handling
3.3.1. Security Disclosures
We disclose all security vulnerabilities we find, or are advised about, that are relevant to Hafnium. We encourage responsible disclosure of vulnerabilities and inform users as best we can about all possible issues.
We disclose Hafnium vulnerabilities as Security Advisories, all of which are listed at the bottom of this page. Any new ones will, additionally, be announced on the Hafnium project’s mailing list.
3.3.2. Found a Security Issue?
Although we try to keep Hafnium secure, we can only do so with the help of the community of developers and security researchers.
Warning
If you think you have found a security vulnerability, please do not report it in the issue tracker or on the mailing list. Instead, please follow the TrustedFirmware.org security incident process.
One of the goals of this process is to ensure providers of products that use Hafnium have a chance to consider the implications of the vulnerability and its remedy before it is made public. As such, please follow the disclosure plan outlined in the process. We do our best to respond and fix any issues quickly.
Afterwards, we encourage you to write-up your findings about the Hafnium source code.
3.3.3. Attribution
We will name and thank you in the Change Log & Release Notes distributed with the source code and in any published security advisory.
3.3.4. Security Advisories
ID |
Title |
|---|---|
Copyright (c) 2026, Arm Limited. All rights reserved.