CVE-2020-26933

Name of the Vulnerable Software and Affected Versions Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59

Description The issue is related to Incorrect Access Control during a non-orderly TPM shut-down that uses USE DA USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.

Recommendations For Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59, consider implementing proper initialization of the non-orderly TPM shut-down to prevent susceptibility to dictionary attacks. As a temporary workaround, consider restricting the use of USE DA USED until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.