doc: Add missing CVE links to advisories

Some security advisories did not contain a direct link to the CVE page
on mitre.org.

Change-Id: I80f8f27a25da3a76b564a3e49cafe5e253379f37
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

docs/security_advisories/security-advisory-tfv-1.rst

@@ -2,7 +2,7 @@
 | Title          | Malformed Firmware Update SMC can result in copy of         |
 |                | unexpectedly large data into secure memory                  |
 +================+=============================================================+
-| CVE ID         | CVE-2016-10319                                              |
+| CVE ID         | `CVE-2016-10319`_                                           |
 +----------------+-------------------------------------------------------------+
 | Date           | 18 Oct 2016                                                 |
 +----------------+-------------------------------------------------------------+
@@ -154,5 +154,6 @@ ARM platform version of this function contains a similar vulnerability:
   return success. Platforms that copy this insecure pattern will have the same
   vulnerability.
 
+.. _CVE-2016-10319: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10319
 .. _48bfb88: https://github.com/ARM-software/arm-trusted-firmware/commit/48bfb88
 .. _Pull Request #783: https://github.com/ARM-software/arm-trusted-firmware/pull/783

docs/security_advisories/security-advisory-tfv-2.rst

@@ -2,7 +2,7 @@
 | Title          | Enabled secure self-hosted invasive debug interface can     |
 |                | allow normal world to panic secure world                    |
 +================+=============================================================+
-| CVE ID         | CVE-2017-7564                                               |
+| CVE ID         | `CVE-2017-7564`_                                            |
 +----------------+-------------------------------------------------------------+
 | Date           | 02 Feb 2017                                                 |
 +----------------+-------------------------------------------------------------+
@@ -51,6 +51,7 @@ image or integrate the `AArch32 equivalent`_ of the ``el3_arch_init_common``
 macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to
 ``10`` instead of ``00``
 
+.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564
 .. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3
 .. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85
 .. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41

docs/security_advisories/security-advisory-tfv-3.rst

@@ -1,7 +1,7 @@
 +----------------+-------------------------------------------------------------+
 | Title          | RO memory is always executable at AArch64 Secure EL1        |
 +================+=============================================================+
-| CVE ID         | CVE-2017-7563                                               |
+| CVE ID         | `CVE-2017-7563`_                                            |
 +----------------+-------------------------------------------------------------+
 | Date           | 06 Apr 2017                                                 |
 +----------------+-------------------------------------------------------------+
@@ -78,5 +78,6 @@ The vulnerability is mitigated by the following factors:
   mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF``
   bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``.
 
+.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563
 .. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662
 .. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924

docs/security_advisories/security-advisory-tfv-4.rst

@@ -3,7 +3,7 @@
 |                | authentication of unexpected data in secure memory in       |
 |                | AArch32 state                                               |
 +================+=============================================================+
-| CVE ID         | CVE-2017-9607                                               |
+| CVE ID         | `CVE-2017-9607`_                                            |
 +----------------+-------------------------------------------------------------+
 | Date           | 20 Jun 2017                                                 |
 +----------------+-------------------------------------------------------------+
@@ -114,6 +114,7 @@ The vulnerability is known to affect all ARM standard platforms when enabling
 the ``TRUSTED_BOARD_BOOT`` and ``ARCH=aarch32`` build options.  Other platforms
 may also be affected if they fulfil the above conditions.
 
+.. _CVE-2017-9607: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9607
 .. _commit c396b73: https://github.com/ARM-software/arm-trusted-firmware/commit/c396b73
 .. _Pull Request #678: https://github.com/ARM-software/arm-trusted-firmware/pull/678
 .. _Pull Request #939: https://github.com/ARM-software/arm-trusted-firmware/pull/939

docs/security_advisories/security-advisory-tfv-5.rst

@@ -2,7 +2,7 @@
 | Title          | Not initializing or saving/restoring ``PMCR_EL0`` can leak  |
 |                | secure world timing information                             |
 +================+=============================================================+
-| CVE ID         | CVE-2017-15031                                              |
+| CVE ID         | `CVE-2017-15031`_                                           |
 +----------------+-------------------------------------------------------------+
 | Date           | 02 Oct 2017                                                 |
 +----------------+-------------------------------------------------------------+
@@ -39,4 +39,5 @@ sensible default values in the secure context.
 The same issue exists for the equivalent AArch32 register, ``PMCR``, except that
 here ``PMCR_EL0.DP`` architecturally resets to zero.
 
+.. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031
 .. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127

docs/security_advisories/security-advisory-tfv-8.rst

@@ -2,7 +2,7 @@
 | Title          | Not saving x0 to x3 registers can leak information from one |
 |                | Normal World SMC client to another                          |
 +================+=============================================================+
-| CVE ID         | CVE-2018-19440                                              |
+| CVE ID         | `CVE-2018-19440`_                                           |
 +----------------+-------------------------------------------------------------+
 | Date           | 27 Nov 2018                                                 |
 +----------------+-------------------------------------------------------------+
@@ -94,6 +94,7 @@ line 19 (referring to the version of the code as of `commit c385955`_):
         /* Save r0 - r12 in the SMC context */
         stm sp, {r0-r12}
 
+.. _CVE-2018-19440: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19440
 .. _commit c385955: https://github.com/ARM-software/arm-trusted-firmware/commit/c385955
 .. _SMC Calling Convention: http://arminfo.emea.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
 .. _Pull Request #1710: https://github.com/ARM-software/arm-trusted-firmware/pull/1710