Security updates are provided for the latest public FSP release only.

Renesas maintains a dedicated portal to handle security incidents. The security policy as well as reporting method is described here: https://www.renesas.com/support/renesas-psirt.

Security Advisories are published here: https://www.renesas.com/support/renesas-psirt#advisories

Security incidents in third party code must be reported to the specific vendor.

Arm announced a potential software security issue in code that uses Cortex-M Security Information (CMSE) at https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions. The issue has been assigned the identifier CVE-2024-0151.

All the versions of RZ/V FSP isn't affected this issue since the conditions stated in the above website won't be satisfied.