Amd.comAMD-SB-7002TPM Out of Bounds Access
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
12.8%
Bulletin ID: AMD-SB-7002 **Potential Impact:**Varies by CVE, see descriptions below **Severity:**Varies by CVE, see descriptions below
Summary
Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs. These vulnerabilities may allow an attacker, who has gained authenticated access through a local account on an affected system, read and write access to protected areas of the TPM’s memory.
Existing protections prevent code execution or exfiltration of data, but the out of bounds access may cause an error, potentially resulting in a denial of service.
CVE Details
Refer to Glossary for explanation of terms
| CVE | Severity | Description |
|---|---|---|
| CVE-2023-1018 | Medium | An out-of-bounds read vulnerability exists in TPM2.0’s Module Library allowing a 2-byte read past the end of a TPM2.0 command as in the above described OOB read routines. An attacker who can successfully exploit this vulnerability can read sensitive data stored in the TPM. |
| CVE-2023-1017 | High | An out-of-bounds write vulnerability exists in TPM2.0’s Module Library allowing writing of a 2-byte data past the end of TPM2.0 command as in the above described OOB write routines. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. |
Affected Product
Desktop
2nd Gen AMD Ryzen™ Threadripper™ Processors
Mitigation
The AGESA™ version listed below is released to the Original Equipment Manufacturers (OEM) to address the potential vulnerabilities identified above. Please refer to your OEM for the BIOS update specific to your product.
| Program Name | Code Name | AGESA Version |
|---|---|---|
| 2nd Gen AMD Ryzen™ Threadripper™ Processors | “Colfax” | SummitPI-SP3r2 1.1.0.7 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
12.8%