Moderate: Red Hat Security Advisory: tpm2-tools security and enhancement update
An update for tpm2-tools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2021-7047
Name of the Vulnerable Software and Affected Versions: Microsoft Surface Pro 3 (affected versions not specified) Description: The vulnerability is related to errors in authorization, allowing an attacker to bypass existing security restrictions. It is associated with the TPM Carte Blanche attack, whi...
OESA-2021-1384 tpm2-tools security update
The package contains the code for the TPM (Trusted Platform Module) 2.0 tools based on tpm2-tss. The tpm2-tools project aims to deliver both low-level and aggregate command line tools that provide access to a TPM 2.0 compatible device. Security Fixes: A flaw was found in tpm2-tools in versions befo...
A vulnerability in libtpms, the library used for software emulation of the Trusted Platform Module, involves an operation that goes beyond the buffer boundaries in memory. This allows a malicious actor to trigger a service failure.
A vulnerability in libtpms, the library used for software emulation of the Trusted Platform Module, is related to a stack corruption error during data decryption using RSA. Exploiting this vulnerability can allow an attacker to cause a service failure...
Archlinux libtpms buffer error vulnerability
Archlinux libtpms is an Archlinux open source application. A library that provides software emulation of Trusted Platform Modules (TPM 1.2 and TPM 2.0). A buffer error vulnerability exists in libtpms, which stems from an out-of-bounds access issue in libtpms, where an attacker can build special TPM...
[SECURITY] Fedora 34 Update: opencryptoki-3.16.0-2.fc34
Opencryptoki implements the PKCS11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package...
CVE-2020-25082
An attacker with physical access to Nuvoton Trusted Platform Module (TPM) NPCT75x 7.2.x before 7.2.2.0 could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy...
CVE-2020-25082
CVE-2020-25082 concerns Nuvoton NPCT75x TPMs where an attacker with physical access could extract an ECC private key via a side-channel timing discrepancy in ECDSA. Affected products are NPCT75x with firmware series 7.2.x prior to 7.2.2.0. The vulnerability arises from observable timing differenc...
Defeating Microsoft’s Trusted Platform Module
This is a really interesting story explaining how to defeat Microsoft's TPM in 30 minutes -- without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client's network, received a new Lenovo computer preconfigured to...
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
...
A vulnerability in the libtpms library arises from an operation that occurs outside of the buffer in memory, allowing an attacker to trigger an emergency system shutdown or cause a service failure.
A vulnerability in the libtpms library arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a perpetrator to cause the system to terminate abnormally or trigger a service failure using a specially crafted TPM 2 package...
Archlinux libtpms buffer error vulnerability
Archlinux libtpms is an Archlinux open source application. A library that provides software emulation of Trusted Platform Modules (TPM 1.2 and TPM 2.0). A buffer error vulnerability exists in Archlinux libtpms that stems from a boundary condition. A local user can trigger an out-of-range read error...
PT-2021-3477
Name of the Vulnerable Software and Affected Versions: libtpms (affected versions not specified) Description: The issue is caused by an out-of-bounds access in memory due to a flaw in the libtpms library. This can be triggered by specially-crafted TPM 2 command packets containing illegal values. Th...
CVE-2021-32015
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Comm...
Nuvoton NPCT security vulnerability
Intel Nuvoton Consumer Infrared CIR Driver is an infrared driver from Intel Corporation USA. A security vulnerability in the Nuvoton NPCT75x TPM 1.2 firmware version 7.4.0.0, which stems from incorrect access control, allows a highly privileged, locally authenticated attacker to gain unauthorized...
[SECURITY] Fedora 34 Update: tpm2-tss-3.1.0-1.fc34
tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs. It sits between TPM driver and applications, providing TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers...
Moderate: Red Hat Security Advisory: trousers security, bug fix, and enhancement update
An update for TrouSerS is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: trousers security, bug fix, and enhancement update
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware. The following packages have been upgraded to a later upstream version: trousers 0.3.15...
EulerOS 2.0 SP3 : tboot (EulerOS-SA-2021-1855)
According to the version of the tboot package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to...
PT-2024-11059
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.33 and 5.11.17 Description: The issue is related to the KEYS: trusted: Fix TPM reservation for seal/unseal in the Linux kernel. The original patch was correct but got rebased, causing the loss of tpm try ge...