An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
References
Link | Resource |
---|---|
https://kb.cert.org/vuls/id/782720 | Third Party Advisory US Government Resource |
https://trustedcomputinggroup.org/about/security/ | Vendor Advisory |
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf | Vendor Advisory |
History
21 Nov 2024, 07:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://kb.cert.org/vuls/id/782720 - Third Party Advisory, US Government Resource | |
References | () https://trustedcomputinggroup.org/about/security/ - Vendor Advisory | |
References | () https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf - Vendor Advisory |
01 Apr 2024, 15:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
First Time | Microsoft windows 10 1607 Microsoft windows 10 22h2 Microsoft windows Server 2022 Microsoft Microsoft windows 10 1507 Microsoft windows 10 20h2 Microsoft windows 10 1809 Microsoft windows 11 22h2 Microsoft windows Server 2016 Microsoft windows 10 21h2 Microsoft windows Server 2019 Microsoft windows 11 21h2 |
Information
Published : 2023-02-28 18:15
Updated : 2024-11-21 07:38
NVD link : CVE-2023-1018
Mitre link : CVE-2023-1018
CVE.ORG link : CVE-2023-1018
Products Affected
trustedcomputinggroup
- trusted_platform_module
microsoft
- windows_10_20h2
- windows_10_21h2
- windows_server_2016
- windows_server_2022
- windows_11_21h2
- windows_10_1607
- windows_10_1507
- windows_10_1809
- windows_10_22h2
- windows_11_22h2
- windows_server_2019
CWE
CWE-125
Out-of-bounds Read