The vulnerability of the implementation of proxy-virtualized TPM devices in Linux operating systems allows a hacker to increase their privileges within the system.

The vulnerability of Linux kernel-based proxy-virtualized TPM devices relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...

CVE-2022-2977

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured this is not the default a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the syste...

UBUNTU-CVE-2022-2977

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured this is not the default a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the syste...

Hybrid-Work Drives Hardware Security Strategies

Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted security strategies to better secure an evolving attack surface changed significantly by COVID. To address new challenges, hardware-assisted security is viewed as an effective and...

March 22, 2022—KB5011551 (OS Build 17763.2746) Preview

March 22, 2022—KB5011551 OS Build 17763.2746 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates an...

CVE-2022-26355

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

CVE-2022-26355

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

CVE-2022-26355 Citrix Federated Authentication Service (FAS)

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

Citrix Federated Authentication Service (FAS) Security Update

An issue has been identified in Citrix Federated Authentication Service FAS which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider...

DEBIAN-CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

OESA-2022-1515 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as...

Keylime 安全漏洞

Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. There is a security vulnerability in Keylime, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

Keylime 安全漏洞

Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. There is a security vulnerability in Keylime, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

Keylime 安全漏洞

Keylime is an open source extensible trust system utilizing TPM technology for Keylime.UNIX is organized by The Open Group, a multi-user, multi-process computer operating system. Keylime has a security vulnerability, there is no information about this vulnerability yet, please stay tuned to CNNVD...

Keylime 安全漏洞

Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. There is a security vulnerability in Keylime, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

Keylime 安全漏洞

Keylime is an open source extensible trust system for Keylime that utilizes TPM technology. There is a security vulnerability in Keylime, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

UBUNTU-CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system...

Tianocore EDK II 安全漏洞

Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications.Tianocore EDK II contains a security vulnerability that can be exploited by attackers to permanently block TPM in a number of ways, as well as non-permanent...

Moderate: Red Hat Security Advisory: tpm2-tools security and enhancement update

An update for tpm2-tools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

PT-2021-7047

Name of the Vulnerable Software and Affected Versions Microsoft Surface Pro 3 affected versions not specified Description The vulnerability is related to errors in authorization, allowing an attacker to bypass existing security restrictions. It is associated with the TPM Carte Blanche attack, whi...