CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*
cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*
cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:38

Type Values Removed Values Added
References () https://kb.cert.org/vuls/id/782720 - Third Party Advisory, US Government Resource () https://kb.cert.org/vuls/id/782720 - Third Party Advisory, US Government Resource
References () https://trustedcomputinggroup.org/about/security/ - Vendor Advisory () https://trustedcomputinggroup.org/about/security/ - Vendor Advisory
References () https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf - Vendor Advisory () https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf - Vendor Advisory

01 Apr 2024, 15:50

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
First Time Microsoft windows 10 1607
Microsoft windows 10 22h2
Microsoft windows Server 2022
Microsoft
Microsoft windows 10 1507
Microsoft windows 10 20h2
Microsoft windows 10 1809
Microsoft windows 11 22h2
Microsoft windows Server 2016
Microsoft windows 10 21h2
Microsoft windows Server 2019
Microsoft windows 11 21h2

Information

Published : 2023-02-28 18:15

Updated : 2024-11-21 07:38


NVD link : CVE-2023-1018

Mitre link : CVE-2023-1018

CVE.ORG link : CVE-2023-1018


JSON object : View

Products Affected

trustedcomputinggroup

  • trusted_platform_module

microsoft

  • windows_10_20h2
  • windows_10_21h2
  • windows_server_2016
  • windows_server_2022
  • windows_11_21h2
  • windows_10_1607
  • windows_10_1507
  • windows_10_1809
  • windows_10_22h2
  • windows_11_22h2
  • windows_server_2019
CWE
CWE-125

Out-of-bounds Read