504 matches found
CVE-2025-49133
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...
TPM 2.0 Reference Code Vulnerability – Firmware TPMs - Lenovo Support US
No description provided...
TPM 2.0 Reference Code Vulnerability – Discrete TPMs - Lenovo Support US
No description provided...
libtpms buffer error vulnerability
libtpms is a software emulation of a Trusted Platform Module by the individual developer Stefan Berger. A buffer error vulnerability exists in libtpms that stems from an out-of-bounds read in the CryptHmacSign function, which could lead to a service interruption...
TCG TPM security vulnerability
TCG TPM is a chip embedded in a computer to provide its root of trust, specified by the Trusted Computing Group. A security vulnerability exists in version 2.0 of the TCG TPM, which stems from a CryptHmacSign helper function that does not validate the signing scheme and signi...
PT-2025-24896
Name of the vulnerable software and affected versions: TCG TPM2.0 (affected versions not specified); AMD Ryzen processors (versions not specified). Description: The TCG TPM2.0 reference implementation's CryptHmacSign function contains a flaw due to a lack of validation between the signature sche...
Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Overview: An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). An attacker with access to a TPM command interface can exploit this vulnerability by sending specially...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot...
CVE-2020-25082
An attacker with physical access to a Nuvoton Trusted Platform Module (TPM) NPCT75x 7.2.x before 7.2.2.0 could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy...
CVE-2020-5851
On impacted versions and platforms, the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or...
USN-7510-5 linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
kernel: tpm: Clean up TPM space after command failure
In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure. tpm_dev_transmit() prepares the TPM space before attempting command transmission. However, if the command fails, no rollback of this preparation is done. This can result in transient handle...
kernel: tpm: Lock TPM chip in tpm_pm_suspend() first
In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first. Setting TPM_CHIP_FLAG_SUSPENDED at the end of tpm_pm_suspend() can be racy, as this leaves a window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report...
SUSE CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
DEBIAN-CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
UBUNTU-CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
GNU GRUB access control error vulnerability
GNU GRUB is the boot loader from the GNU project, widely used to boot Linux systems. An access control error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key from memory during automatic TPM-based decryption, and can be exploited by an attacker to obtain unencrypted data...
How to create a PVS master target device on Hyper-V for Windows 11
The objective here is to create a PVS master target device VM on Hyper-V, which can be used both for installing Windows 11 and for booting via PVS. Windows 11 has installation requirements that need both Secure Boot and a TPM available. Hyper-V VM options which are relevant here: Secure boot...
Enable IMA Measurement
Integrity Measurement Architecture (IMA) is an integrity protection function of the kernel. When IMA is enabled, integrity measurement is provided for important system files based on user-defined policies. The measurement results can be used for local and remote integrity attestation. If IMA is...
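The attestation side of the IMA entry above, as an added example that is not code from the original page or from the Linux IMA project: a verifier that replays the IMA measurement list and recomputes the PCR value it must produce, so it can be compared with the live PCR or with a TPM quote. It assumes the upstream defaults (the ima-ng template, SHA-1 template hashes extended into PCR 10) and the ima-ng field encoding as this example understands it (each field prefixed by its little-endian u32 length; d-ng = "<alg>:\0<digest>", n-ng = "<path>\0"); the log lines it works on are constructed inside the block.

```python
"""Replay an IMA measurement list and recompute the PCR it should produce.

Added example, not code from the original page or from the Linux IMA project.
Assumptions: ima-ng template, SHA-1 template hashes extended into PCR 10, and
the ima-ng field encoding described in the lead-in. Sample lines are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass

IMA_PCR = 10
SHA1_LEN = 20


@dataclass
class Entry:
    pcr: int
    template_hash: bytes  # the value the kernel extended into the PCR
    template: str         # "ima-ng" in this example
    file_hash_alg: str
    file_hash: bytes
    path: str


def ima_ng_template_hash(file_hash_alg: str, file_hash: bytes, path: str) -> bytes:
    """SHA-1 over the ima-ng template data (fields d-ng and n-ng)."""
    d_ng = file_hash_alg.encode() + b":\x00" + file_hash
    n_ng = path.encode() + b"\x00"
    data = b"".join(struct.pack("<I", len(f)) + f for f in (d_ng, n_ng))
    return hashlib.sha1(data).digest()


def parse_entry(line: str) -> Entry:
    """Parse one line of /sys/kernel/security/ima/ascii_runtime_measurements.

    Format: <pcr> <template-hash> <template> <alg>:<hex-hash> <path>
    Paths may contain spaces, so split on at most four separators.
    """
    pcr, th, tmpl, fhash, path = line.rstrip("\n").split(" ", 4)
    alg, digest = fhash.split(":", 1)
    return Entry(int(pcr), bytes.fromhex(th), tmpl, alg, bytes.fromhex(digest), path)


def entry_is_consistent(e: Entry) -> bool:
    """Check that the logged fields really produce the logged template hash.

    Without this check, a rewritten log could show the verifier a different path
    or file hash while the PCR replay still matched. Violation entries
    (open-writers / ToMToU) log an all-zero template hash and are accepted as such.
    """
    if e.template_hash == bytes(SHA1_LEN):
        return True
    return ima_ng_template_hash(e.file_hash_alg, e.file_hash, e.path) == e.template_hash


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM PCR extend for the SHA-1 bank: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()


def replay_pcr(lines, pcr: int = IMA_PCR) -> bytes:
    """Recompute the PCR from the list, starting from all zeroes.

    Raises ValueError on an entry whose fields do not match its template hash.
    """
    value = bytes(SHA1_LEN)
    for line in lines:
        if not line.strip():
            continue
        e = parse_entry(line)
        if e.pcr != pcr:
            continue
        if not entry_is_consistent(e):
            raise ValueError(f"template hash mismatch for {e.path!r}")
        # The kernel extends a violation with 0xff bytes, not with the zero hash it logs.
        digest = e.template_hash if e.template_hash != bytes(SHA1_LEN) else b"\xff" * SHA1_LEN
        value = extend(value, digest)
    return value


def verify_against_pcr(lines, pcr_hex: str) -> bool:
    """Compare the replay with a PCR value read from the TPM or taken from a quote."""
    return replay_pcr(lines) == bytes.fromhex(pcr_hex)


def make_line(path: str, file_hash: bytes, violation: bool = False) -> str:
    """Build a constructed ima-ng log line for the sample below."""
    th = bytes(SHA1_LEN) if violation else ima_ng_template_hash("sha256", file_hash, path)
    return f"{IMA_PCR} {th.hex()} ima-ng sha256:{file_hash.hex()} {path}"


# Constructed sample log: boot_aggregate, one measured binary, one violation.
SAMPLE_LOG = [
    make_line("boot_aggregate", hashlib.sha256(b"constructed boot aggregate").digest()),
    make_line("/usr/bin/bash", hashlib.sha256(b"constructed bash image").digest()),
    make_line("/tmp/open-writers", bytes(32), violation=True),
]

if __name__ == "__main__":
    print("replayed PCR-10:", replay_pcr(SAMPLE_LOG).hex())
```

On a live system the input is the contents of /sys/kernel/security/ima/ascii_runtime_measurements and the reference value is /sys/class/tpm/tpm0/pcr-sha1/10 (or the PCR-10 value inside a TPM quote, which is what a remote attestation server checks). Recomputing each template hash from the logged fields is what makes the list trustworthy: the PCR chain alone only proves that some sequence of template hashes was extended, not that the paths and file hashes shown alongside them are the ones the kernel measured.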
DEBIAN-CVE-2025-23149
In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended. Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 ...