CVE-2019-16863

Name of the Vulnerable Software and Affected Versions STMicroelectronics ST33TPHF2ESPI TPM devices versions prior to 2019-09-12

Description The issue is related to a side-channel timing attack that allows attackers to extract the ECDSA private key due to mishandled ECDSA scalar multiplication. This vulnerability is associated with defects in the cryptographic algorithms used in the TPM processor's firmware. An attacker can exploit this issue to recover the value of closed keys stored in the Trusted Platform Module.

Recommendations For versions prior to 2019-09-12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.