Antonin Dufka

Name of the Vulnerable Software and Affected Versions: Nuvoton Trusted Platform Module (NPCT75x) versions 7.2.x before 7.2.2.0 Description: An attacker with physical access could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. This issue affects the ECDSA implementation due to an observable timing discrepancy, allowing an attacker to potentially extract sensitive information. Recommendations: For Nuvoton Trusted Platform Module (NPCT75x) versions 7.2.x before 7.2.2.0, update to version 7.2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the module to minimize the risk of exploitation.