Vulnerabilites related to Trusted Computing Group - TPM2.0
cve-2023-1018
Vulnerability from cvelistv5
Published
2023-02-28 17:54
Modified
2025-03-07 18:38
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trusted Computing Group | TPM2.0 |
Version: 1.59 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TCG TPM2.0 Errata Version 1.4", tags: [ "x_transferred", ], url: "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", }, { name: "TCG Security Advisories", tags: [ "x_transferred", ], url: "https://trustedcomputinggroup.org/about/security/", }, { name: "CERT/CC Advisory VU#782720", tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/782720", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-1018", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-07T18:38:17.368376Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-07T18:38:47.809Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.59", }, ], }, { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.38", }, ], }, { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.16", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Francisco Falcon of Quarkslab", }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-125 Out-of-bounds Read", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-28T19:08:19.512Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "TCG TPM2.0 Errata Version 1.4 ", url: "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", }, { name: "TCG Security Advisories", url: "https://trustedcomputinggroup.org/about/security/", }, { name: "CERT/CC Advisory VU#782720", url: "https://kb.cert.org/vuls/id/782720", }, ], source: { discovery: "external", }, title: "TPM2.0 vulnerable to out-of-bounds read ", x_generator: { engine: "VINCE 2.0.6", env: "prod", origin: "https://cveawg.mitre.org/api/cve/CVE-2023-1018", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2023-1018", datePublished: "2023-02-28T17:54:33.260Z", dateReserved: "2023-02-24T16:06:48.994Z", dateUpdated: "2025-03-07T18:38:47.809Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1017
Vulnerability from cvelistv5
Published
2023-02-28 18:02
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trusted Computing Group | TPM2.0 |
Version: 1.59 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TCG TPM2.0 Errata Version 1.4", tags: [ "x_transferred", ], url: "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", }, { name: "TCG Security Advisories", tags: [ "x_transferred", ], url: "https://trustedcomputinggroup.org/about/security/", }, { name: "CERT/CC Advisory VU#782720", tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/782720", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.59", }, ], }, { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.38", }, ], }, { product: "TPM2.0", vendor: "Trusted Computing Group", versions: [ { status: "affected", version: "1.19", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Francisco Falcon of Quarkslab", }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-787 Out-of-bounds Write", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-28T19:09:18.722Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "TCG TPM2.0 Errata Version 1.4 ", url: "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf", }, { name: "TCG Security Advisories", url: "https://trustedcomputinggroup.org/about/security/", }, { name: "CERT/CC Advisory VU#782720", url: "https://kb.cert.org/vuls/id/782720", }, ], source: { discovery: "external", }, title: "TPM2.0 vulnerable to out-of-bounds write", x_generator: { engine: "VINCE 2.0.6", env: "prod", origin: "https://cveawg.mitre.org/api/cve/CVE-2023-1017", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2023-1017", datePublished: "2023-02-28T18:02:27.064Z", dateReserved: "2023-02-24T16:02:22.626Z", dateUpdated: "2024-08-02T05:32:46.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }