PT-2023-1651 · Tpm2.0 +8 · Tpm2.0 +8

🗓️ 28 Feb 2023 00:00:00Reported by Positive TechnologiesType

Out-of-bounds write in trusted platform module library allows two-byte write past end in decryption, risking crash or code execution.

Reporter	Title	Published	Views	Family All 131
IBM Security Bulletins	Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018	1 Aug 202415:31	–	ibm
IBM Security Bulletins	Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018	21 Jun 202322:18	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0082: virt:rhel and virt-devel:rhel (ALINUX3-SA-2023:0082)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : libtpms (ALSA-2023:2453)	14 May 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2023:2757)	19 May 202300:00	–	nessus
Tenable Nessus	CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2023:2757)	16 May 202300:00	–	nessus
Tenable Nessus	CentOS 9 : libtpms-0.9.1-3.20211126git1ff6fe1f43.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Fedora 36 : libtpms (2023-4afddd37a9)	16 Mar 202300:00	–	nessus
Tenable Nessus	Fedora 38 : libtpms (2023-64f2a84db1)	16 Mar 202300:00	–	nessus
Tenable Nessus	Fedora 37 : libtpms (2023-c487bde4b4)	6 Mar 202300:00	–	nessus

Source	Link
linux	www.linux.oracle.com/errata/ELSA-2023-2453.html
msrc	www.msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-1017
ubuntu	www.ubuntu.com/security/CVE-2023-1018
osv	www.osv.dev/vulnerability/CVE-2023-1017
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates
bdu	www.bdu.fstec.ru/vul/2023-01188
ubuntu	www.ubuntu.com/security/CVE-2023-1017
lists	www.lists.fedoraproject.org/archives/list/[email protected]/thread/4WEJNRD36D3EOCZVXKGPDSJXA35DPPSE
cve	www.cve.org/CVERecord
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-1017

29 Nov 2024 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 3.15.5 - 7.8

EPSS0.00674

SSVC