PT-2019-4639 · Stmicroelectronics · St33Tphf2Espi
Berk Sunar +3 · Published 2019-11-13 · Updated 2022-05-03 · CVE-2019-16863
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
STMicroelectronics ST33TPHF2ESPI TPM devices versions prior to 2019-09-12
Description
The issue is a timing side channel: because ECDSA scalar multiplication is mishandled, an attacker can use a timing attack to extract the ECDSA private key. This vulnerability is associated with defects in the cryptographic algorithms used in the TPM processor's firmware. An attacker can exploit this issue to recover the value of private keys stored in the Trusted Platform Module.
Recommendations
For versions prior to 2019-09-12, there is currently no information about a newer version that contains a fix for this vulnerability.
Use of a Broken Cryptographic Algorithm
Side Channel Attack
Affected Products
St33Tphf2Espi