PSIRT
Product Security Incident Response Team
About ST PSIRT
ST's Product Security Incident Response Team (ST PSIRT) supervises the process of accepting and responding to reports of potential security vulnerabilities involving ST hardware and software products.
ST places a high priority on security, and ST PSIRT is committed to rapidly addressing potential security vulnerabilities affecting our products. Our long history and vast experience in security allows ST to perform clear analyses and provide appropriate guidance on mitigations and solutions when applicable.
If you wish to report a potential security vulnerability regarding our products, we encourage you to report it to ST PSIRT by following the steps described on this page.
How to report a potential security vulnerability
To report a potential security vulnerability, please contact ST PSIRT at psirt@st.com.
All exchanges and reports must be provided in English.
Because of the sensitive nature of such reporting, ST PSIRT highly encourages all potential security vulnerability reports to be sent encrypted, using the ST PSIRT PGP/GPG Key:
- Fingerprint: F2B8 13E0 6AD0 CBD0 81B9 FA94 0FEE E399 08AE 602C
- Public Key File (ZIP, 3 KB)
Free software to read and author PGP/GPG encrypted messages may be obtained from:
IMPORTANT-READ CAREFULLY:
STMicroelectronics N.V., on behalf of itself, its affiliates and subsidiaries, (collectively “ST”) takes all potential security vulnerability reports or other related communications (“Report(s)”) seriously. In order to review Your Report (the terms “You” and “Yours” include your employer, and all affiliates, subsidiaries and related persons or entities) and take actions as deemed appropriate, ST requires that we have the rights and Your permission to do so.
As such, by submitting Your Report to ST, You agree that You have the right to do so, and You grant to ST the rights to use the Report for purposes related to security vulnerability analysis, testing, correction, patching, reporting and any other related purpose or function.
Information to include in your report
To allow ST PSIRT to process the reported potential security vulnerability, you should provide the following information:
- ST product identification: part number or product reference and version (hardware or software).
- Complete technical description of the potential vulnerability, including any related known exploits.
- How and when the potential vulnerability was discovered.
- Are you aware of any reliable evidence that a malicious actor may have exploited the potential vulnerability in some manner?
If yes, please share details. - Any public information already published or planned to be published (CVE, academic paper publication, etc.).
- Your contact information to use during the process.
- Any further information you deem appropriate to better process the reported potential security vulnerability.
Insufficient or incomplete information may prevent ST from evaluating the request, and ST reserves the right to withhold evaluation in such cases.
Potential vulnerability management process
Once submitted, ST PSIRT will manage the reported potential security vulnerability according to the following process:
- Reporting a new vulnerability: At this stage, ST PSIRT will acknowledge receipt of the reported issue.
- Evaluating: ST PSIRT will evaluate the potential vulnerability to understand if there is an issue, analyze it, and set a priority to manage valid issues. ST PSIRT may come back to the submitter in case some information is missing from the original report or if clarification is needed.
- Solving: ST PSIRT will investigate potential solutions and mitigations to address valid issues.
- Communicating: Once a solution is available (fix or mitigation), ST PSIRT will communicate back to the submitter and others where appropriate.
Public security advisories and bulletins
Documents are only available in English.
| ID | Document title | Document type | Version | Latest Update |
|---|---|---|---|---|
| SB0032 | Security Bulletin | 1.0 | 17 Dec 2024 | |
| SB0023 | Security Bulletin | 1.0 | 19 Nov 2024 | |
| SA0022 | Security Advisory | 1.0 | 24 Oct 2024 | |
| SA0025 | Security Advisory | 1.0 | 23 Oct 2024 | |
| SD0006 | Security Bulletin | 1.0 | 15 Feb 2024 | |
| DM00928519 | Security Bulletin | 2.0 | 20 Feb 2025 |
Public security advisories and bulletins
Documents are only available in English.
Security Bulletin
1.0
17 Dec 2024
Security Bulletin
1.0
19 Nov 2024
Security Advisory
1.0
24 Oct 2024
Security Bulletin
1.0
15 Feb 2024
Security Bulletin
2.0
20 Feb 2025
The above should not be deemed a complete list of all security incidents related to ST Products. If you wish to find out more about the security status of a particular ST Product, please contact your ST sales representative.