88 matches found
EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2023-1987)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In...
Amazon Linux 2023 : tpm2-tss, tpm2-tss-devel (ALAS2023-2023-110)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-110 advisory. tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions Tss2_RC_SetHandler and Tss2_RC_Decode both index...
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...
TCG TPM Buffer Error Vulnerability
TCG TPM is a chip from the Trusted Computing Group that is planted inside a computer to provide a trusted root for the computer. A security vulnerability exists in version 2.0 of the TCG TPM that stems from an out-of-bounds write issue. An attacker could use this vulnerability to cause a denial o...
TCG TPM2.0 implementations vulnerable to memory corruption
Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module TPM 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and...
Fedora 37 : tpm2-tss (2023-25617e952a)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-25617e952a advisory. Fixed: A buffer overflow in tss2-rc as CVE-2023-22745. The drv layer in tss2-rc should have been the policy layer. Spec deviation in Fapi_GetDescription cause...
CVE-2023-22745
A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions, Tss2_RC_SetHandler and Tss2_RC_Decode index into the layer_handler with an 8-bit layer number, but the array only ha...
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array...
CVE-2023-22745
CVE-2023-22745 affects tpm2-tss: prior to versions 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode index into layer_handler with an 8-bit layer number while the array has TPM2_ERROR_TSS2_RC_LAYER_COUNT entries, allowing a buffer overrun. This can read/write past the buffer ...
CVE-2023-22745 Buffer Overflow in TSS2_RC_Decode in tpm2-tss
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array...
CVE-2023-22745 Buffer Overflow in TSS2_RC_Decode in tpm2-tss
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array...
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array...
Baidu Rust SGX SDK Security Vulnerability
Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...
trousers security, bug fix, and enhancement update
An update is available for trousers. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list TrouSerS is an implementation of the Trusted Computing Group's Software Stac...
RLSA-2021:1627 Moderate: trousers security, bug fix, and enhancement update
TrouSerS is an implementation of the Trusted Computing Group's Software Stack TSS specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module TPM hardware. The following packages have been upgraded to a later upstream version: trousers 0.3.15...
CVE-2020-26933
Trusted Computing Group TCG Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary atta...
Design/Logic Flaw
Trusted Computing Group TCG Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary atta...
CVE-2020-26933
Trusted Computing Group TCG Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary atta...
CVE-2020-26933
CVE-2020-26933 concerns the Trusted Computing Group TPM Library Family 2.0 (library revisions 1.38–1.59). The issue is an Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED, where improper initialization may render the TPM vulnerable to a dictionary attack. The core...