Nuvoton TPM 1.2 Vulnerability - Lenovo Support NL

**Lenovo Security Advisory:**LEN-57315

**Potential Impact:**Information disclosure, modification of data

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2021-32015

Summary Description:

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory.
NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

Mitigation Strategy for Customers (what you should do to protect yourself):

Nuvoton recommends updating your firmware to the latest version (or newer) indicated for your model in the Product Impact section below.