An out-of-bounds read vulnerability exists in TPM2.0βs Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
[
{
"vendor": "Trusted Computing Group",
"product": "TPM2.0",
"versions": [
{
"status": "affected",
"version": "1.59"
}
]
},
{
"vendor": "Trusted Computing Group",
"product": "TPM2.0",
"versions": [
{
"status": "affected",
"version": "1.38"
}
]
},
{
"vendor": "Trusted Computing Group",
"product": "TPM2.0",
"versions": [
{
"status": "affected",
"version": "1.16"
}
]
}
]