CVE-2019-16863

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:st:st33tphf2espi_firmware:71.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:71.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:71.12:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.8:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf2espi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:st:st33tphf2ei2c_firmware:73.5:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2ei2c_firmware:73.9:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf2ei2c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:st:st33tphf20spi_firmware:74.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.8:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.16:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf20spi:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:st:st33tphf20i2c_firmware:74.5:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20i2c_firmware:74.9:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf20i2c:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://support.f5.com/csp/article/K32412503?utm_source=f5support&utm_medium=RSS', 'name': 'https://support.f5.com/csp/article/K32412503?utm_source=f5support&utm_medium=RSS', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • () https://support.f5.com/csp/article/K32412503?utm_source=f5support&amp%3Butm_medium=RSSĀ -

Information

Published : 2019-11-14 03:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-16863

Mitre link : CVE-2019-16863

CVE.ORG link : CVE-2019-16863


JSON object : View

Products Affected

st

  • st33tphf20spi
  • st33tphf2ei2c_firmware
  • st33tphf2ei2c
  • st33tphf2espi
  • st33tphf20i2c_firmware
  • st33tphf20i2c
  • st33tphf20spi_firmware
  • st33tphf2espi_firmware
CWE
CWE-203

Observable Discrepancy

CWE-327

Use of a Broken or Risky Cryptographic Algorithm