CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

🗓️ 10 Jun 2025 17:29:19Reported by certccType

CVE-2025-2884 is an Out-of-Bounds read vulnerability in TCG TPM2.0 implementation's CryptHmacSign function.

Reporter	Title	Published	Views	Family All 37
IBM Security Bulletins	Security Bulletin: This Power System update is being released to address CVE-2025-2884	28 Jun 202502:35	–	ibm
Amd	TPM Reference Implementation	10 Jun 202500:00	–	amd
Circl	CVE-2025-2884	10 Jun 202517:53	–	circl
CNNVD	TCG TPM 安全漏洞	10 Jun 202500:00	–	cnnvd
CVE	CVE-2025-2884	10 Jun 202517:29	–	cve
EUVD	EUVD-2025-17717	3 Oct 202520:07	–	euvd
Hewlett-Packard	Intel PTT and SPS Firmware June 2025 Security Update	16 Jun 202500:00	–	hp
Hewlett-Packard	Infineon TPM Reference Implementation Out-of-Bounds Read	14 Jul 202500:00	–	hp
Hewlett-Packard	AMD TPM Reference Implementation June 2025 Security Update	21 Oct 202500:00	–	hp
ICS	Siemens TPM 2.0	14 Apr 202600:00	–	ics

[
  {
    "vendor": "Trusted Computing Group",
    "product": "TPM2.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.83",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cve	www.cve.org/CVERecord
trustedcomputinggroup	www.trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
github	www.github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
trustedcomputinggroup	www.trustedcomputinggroup.org/about/security/
trustedcomputinggroup	www.trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf

13 Jun 2025 18:22Current

EPSS0.00078

cve-2025-2884 out-of-bounds read vulnerability tcg tpm2.0 crypthmacsign function