CVE-2023-1017

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TPM2.0 (affected versions not specified)

Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. This can lead to denial of service, causing the TPM chip or process to crash or become unusable, and/or arbitrary code execution in the TPM context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2023:2453

ALT-PU-2023-1896

ALT-PU-2023-1933

ALT-PU-2024-14805

BDU:2023-01188

CVE-2023-1017

MGASA-2023-0102

OESA-2023-1299

OPENSUSE-SU-2024:12763-1

RHSA-2023:1833

RHSA-2023:2453

RHSA-2023_2453

SUSE-SU-2023:2051-1

SUSE-SU-2023_2051-1

USN-5933-1

Affected Products

Alt Linux

Almalinux

Linuxmint

Red Hat

Red Os

Suse

Tpm2.0

Ubuntu

Windows

CVE-2023-1017

Weakness Enumeration

Related Identifiers

Affected Products

References · 54