The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.
References
Link | Resource |
---|---|
https://www.amd.com/en/corporate/product-security | Vendor Advisory |
https://www.amd.com/en/corporate/product-security | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.amd.com/en/corporate/product-security - Vendor Advisory |
Information
Published : 2020-11-12 20:15
Updated : 2024-11-21 05:00
NVD link : CVE-2020-12926
Mitre link : CVE-2020-12926
CVE.ORG link : CVE-2020-12926
JSON object : View
Products Affected
amd
- trusted_platform_modules_reference
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition