PT-2018-2676 · Trusted Computing · Trusted Platform Module (TPM) 2.0

Hyoungchun Kim +3 · Published 2018-08-17 · Updated 2019-10-03 · CVE-2018-6622

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trusted Platform Module (TPM) 2.0 (affected versions not specified)

Description: The issue affects BIOS firmware producers who interpret a certain portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification in a specific way. An abnormal case is not handled properly by the firmware during S3 sleep, which can clear the TPM 2.0 and allow local users to overwrite the static PCRs of the TPM. This neutralizes TPM security features that depend on those PCRs, such as seal/unseal and remote attestation. The vulnerability is related to errors in security settings and can impact the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
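Because the weakness described above leaves the static PCRs in their post-reset state after an S3 resume (and therefore extendable by a local user), one host-side mitigation is to snapshot the static PCR bank before suspend and compare it after resume. The following is an added defensive example written for this entry; it is not code from the advisory or from any vendor. It assumes the output layout of `tpm2_pcrread` from tpm2-tools (a `sha256:` bank header followed by `  <index> : 0x<HEX>` lines) and embeds constructed sample snapshots so it runs without a TPM; the digest values are made up for illustration.

```python
"""Detect a TPM that was cleared across S3 by diffing static PCR snapshots.

Added example (not part of the advisory). Assumed input format: the text
printed by `tpm2_pcrread sha256:0,1,2,3,4,5,6,7` from tpm2-tools.
"""
import hashlib
import re

STATIC_PCRS = tuple(range(8))  # PC Client static root-of-trust PCRs 0-7

# Matches a PCR line such as "  3 : 0x1F2E..." (assumed tpm2_pcrread layout)
_PCR_LINE = re.compile(r"^\s+(\d+)\s*:\s*0x([0-9A-Fa-f]+)\s*$")


def parse_pcrread(text: str, bank: str = "sha256") -> dict[int, str]:
    """Return {pcr_index: lowercase_hex_digest} for one bank of tpm2_pcrread output."""
    pcrs: dict[int, str] = {}
    current_bank = None
    for line in text.splitlines():
        stripped = line.rstrip()
        # Bank headers are unindented and end with ':' (e.g. "sha256:")
        if stripped and not stripped[0].isspace() and stripped.endswith(":"):
            current_bank = stripped[:-1].lower()
            continue
        match = _PCR_LINE.match(line)
        if match and current_bank == bank:
            pcrs[int(match.group(1))] = match.group(2).lower()
    return pcrs


def is_reset_value(digest_hex: str) -> bool:
    """PCRs 0-15 hold all-zero digests immediately after TPM2_Startup(CLEAR)."""
    return bool(digest_hex) and set(digest_hex) == {"0"}


def check_resume(before: dict[int, str], after: dict[int, str],
                 static_pcrs=STATIC_PCRS) -> list[tuple[int, str]]:
    """Compare snapshots; a resume from S3 must leave every static PCR unchanged.

    Findings: (index, "reset")   -> PCR sits at the TPM reset value (TPM was cleared)
              (index, "changed") -> PCR differs from the pre-suspend value
              (index, "missing") -> PCR absent from the post-resume snapshot
    """
    findings = []
    for idx in static_pcrs:
        value_after = after.get(idx)
        if value_after is None:
            findings.append((idx, "missing"))
        elif is_reset_value(value_after):
            findings.append((idx, "reset"))
        elif value_after != before.get(idx):
            findings.append((idx, "changed"))
    return findings


def verdict(findings: list[tuple[int, str]]) -> str:
    """Collapse findings into one status string for logging or alerting."""
    if any(kind == "reset" for _, kind in findings):
        return "TPM_CLEARED"      # the condition this advisory describes
    if findings:
        return "PCR_MISMATCH"     # unexpected, worth investigating
    return "OK"


def _constructed_snapshot(reset: bool) -> str:
    """Build a fake tpm2_pcrread dump; digests are constructed, not real measurements."""
    lines = ["sha256:"]
    for idx in STATIC_PCRS:
        digest = "0" * 64 if reset else hashlib.sha256(f"constructed-pcr-{idx}".encode()).hexdigest()
        lines.append(f"  {idx} : 0x{digest.upper()}")
    return "\n".join(lines) + "\n"


# Constructed sample inputs: the same bank before suspend, after a normal resume,
# and after a resume on which the TPM came back cleared.
BEFORE_SUSPEND = _constructed_snapshot(reset=False)
AFTER_RESUME_OK = BEFORE_SUSPEND
AFTER_RESUME_CLEARED = _constructed_snapshot(reset=True)


if __name__ == "__main__":
    before = parse_pcrread(BEFORE_SUSPEND)
    for label, after_text in (("normal resume", AFTER_RESUME_OK),
                              ("cleared TPM", AFTER_RESUME_CLEARED)):
        findings = check_resume(before, parse_pcrread(after_text))
        print(f"{label}: {verdict(findings)} {findings}")
```

On a real host the two snapshots would be taken by a pre-suspend and a post-resume hook (for example systemd sleep hooks) running `tpm2_pcrread` and feeding its output to `parse_pcrread`. The check is deliberately limited to S3 resume: a cold boot or a resume from hibernation (S4) legitimately re-measures firmware and boot components, so PCR values differ from the previous session and must not be compared this way.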


Related Identifiers

- BDU:2019-01323
- CVE-2018-6622

Affected Products

- Trusted Platform Module (TPM) 2.0