PT-2023-1562 · TPM2.0 +10

Francisco Falcon · Published 2023-02-28 · Updated 2025-03-07 · CVE-2023-1018

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TPM2.0 (affected versions not specified)

Description

The issue is an out-of-bounds read vulnerability in the CryptParameterDecryption routine of the Trusted Platform Module (TPM) microprogram. It allows a 2-byte read past the end of a TPM2.0 command, which an attacker can use to read or access sensitive data stored in the TPM. The vulnerability can be exploited to gain unauthorized access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2023:2453
ALSA-2023:2757
ALT-PU-2023-1896
ALT-PU-2023-1933
ALT-PU-2024-14805
BDU:2023-01029
CESA-2023_2757
CVE-2023-1018
MGASA-2023-0102
OESA-2023-1299
OPENSUSE-SU-2024:12763-1
RHSA-2023:1833
RHSA-2023:2453
RHSA-2023:2757
RHSA-2023_2453
RHSA-2023_2757
SUSE-SU-2023:2051-1
USN-5933-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
TPM2.0
Ubuntu
Windows