ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US

Type lenovo
Reporter Lenovo
Modified 2021-04-19T16:14:48


Lenovo Security Advisory: LEN-29406

Potential Impact: Information Disclosure

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-16863

Summary Description:

ST Microelectronics has reported a vulnerability in the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) signature generation function in its TPM firmware that could result in exposure of the private key.

Mitigation Strategy for Customers (what you should do to protect yourself):

ST Microelectronics recommends updating your firmware to the version (or newer) indicated for your model in the Product Impact section below.

Product Impact: