Security updates are provided for the latest public FSP release only.
Renesas maintains a dedicated portal to handle security incidents. The security policy as well as reporting method is described here: https://www.renesas.com/support/renesas-psirt.
Security Advisories are published here: https://www.renesas.com/support/renesas-psirt#advisories
Security incidents in third party code must be reported to the specific vendor.
Arm announced a potential software security issue in code that uses Cortex-M Security Information (CMSE) at https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions. The issue has been assigned the identifier CVE-2024-0151.
All the versions of RZ/G FSP isn't affected this issue since the conditions stated in the above website won't be satisfied.