6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The vulnerability of Tss2_RC_Decode and Tss2_RC_SetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to
buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to
gain access to sensitive data, violate its integrity, and cause a denial of service.
Vulnerability in TPM2_GENERATED_VALUE() functions of TCG TPM2 TPM2 Software Stack implementation is related to the lack of
checking if the magic number in the TPM2_GENERATED_VALUE certificate matches the magic number in the TPM2_GENERATED_VALUE certificate. Exploitation of the vulnerability
could allow an attacker to generate arbitrary quote data that cannot be detected by the
Fapi_VerifyQuote.
6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%