PT-2023-1651 · Tpm2.0+8 · Tpm2.0+8

Francisco Falcon

Publicado

2023-02-28

Atualizado

2024-11-29

CVE-2023-1017

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TPM2.0 (affected versions not specified)

Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. This can lead to denial of service, causing the TPM chip or process to crash or become unusable, and/or arbitrary code execution in the TPM context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2023:2453

ALT-PU-2023-1896

ALT-PU-2023-1933

ALT-PU-2024-14805

BDU:2023-01188

CVE-2023-1017

MGASA-2023-0102

OESA-2023-1299

OPENSUSE-SU-2024:12763-1

RHSA-2023:1833

RHSA-2023:2453

RHSA-2023_2453

SUSE-SU-2023:2051-1

SUSE-SU-2023_2051-1

USN-5933-1

Produtos afetados

Alt Linux

Almalinux

Linuxmint

Red Hat

Red Os

Suse

Tpm2.0

Ubuntu

Windows

PT-2023-1651 · Tpm2.0+8 · Tpm2.0+8

CVE-2023-1017

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54