PT-2023-6784 · Tpm2-Tss+10
Fergus-Dall · Published 2023-01-19 · Updated 2025-11-21 · CVE-2023-22745
CVSS v3.1: 6.4 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
tpm2-tss versions (affected versions not specified)
Description
The issue is in the `Tss2_RC_SetHandler` and `Tss2_RC_Decode` functions of tpm2-tss, an implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). These functions index into the layer handler array with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Adding a handler for a higher-numbered layer, or decoding a response code that carries such a layer number, can therefore overrun the buffer, potentially resulting in arbitrary code execution. An example attack could be a Man-in-the-Middle (MiTM) bus attack that returns 0xFFFFFFFF for the response code. The attacker must have local access to the target machine with local system privileges, which typically requires administrative privilege.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
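The indexing pattern from the description, shown in C beside a range-checked form. This is an added example, not code from tpm2-tss or from this advisory; the bit position of the layer field, the table size of 255 and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: layer number in bits 16..23 of the response code,
 * and a handler table with 255 entries (valid indexes 0..254). */
#define LAYER_SHIFT 16
#define LAYER_COUNT 255u

typedef const char *(*rc_handler)(uint32_t rc);   /* hypothetical handler type */
static rc_handler handlers[LAYER_COUNT];

uint8_t rc_layer(uint32_t rc) { return (uint8_t)(rc >> LAYER_SHIFT); }

/* Pattern from the description: an 8-bit layer (0..255) indexes the table with
 * no range check, so layer 255 touches the slot one past the end. Kept for
 * contrast; call it only with an in-range layer. */
rc_handler lookup_unchecked(uint32_t rc) { return handlers[rc_layer(rc)]; }

/* Hardened lookup: an out-of-range layer yields NULL instead of an access. */
rc_handler lookup_checked(uint32_t rc) {
    uint8_t layer = rc_layer(rc);
    return layer < LAYER_COUNT ? handlers[layer] : NULL;
}

/* Hardened registration: returns 0 on success, -1 if the layer is rejected. */
int set_handler_checked(uint8_t layer, rc_handler h) {
    if (layer >= LAYER_COUNT)
        return -1;
    handlers[layer] = h;
    return 0;
}

const char *demo_handler(uint32_t rc) { (void)rc; return "demo layer"; }

int main(void) {
    uint32_t constructed_rc = 0xFFFFFFFFu;  /* response code named in the description */
    printf("layer=%u\n", (unsigned)rc_layer(constructed_rc));
    printf("set(255)=%d set(254)=%d\n", set_handler_checked(255, demo_handler),
           set_handler_checked(254, demo_handler));
    printf("lookup(0xFFFFFFFF) %s\n", lookup_checked(constructed_rc) ? "found" : "rejected");
    return 0;
}
```

Under these assumptions the response code 0xFFFFFFFF decodes to layer 255, the one value an 8-bit index can take that a 255-entry table cannot hold, which is why both the lookup and the registration path need the same check.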
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
Tpm2-Tss