516 matches found
PT-2026-43808
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locality leak occurs in the tpm i2c infineon component. When the get burstcount function returns -EBUSY due to a timeout, it exits immediately without releasing the locality previously...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the getburstcount function in tpm/tpmi2cinfineon. When this function returns -EBUSY due to timeout, the...
CVE-2026-45871
tpm: st33zp24: Fix missing cleanup on getburstcount error...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the st33zp24 TPM driver. This vulnerability occurs when the getburstcount function returns an...
[SECURITY] Fedora 43 Update: opencryptoki-3.26.0-3.fc43
Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...
[SECURITY] Fedora 44 Update: opencryptoki-3.26.0-3.fc44
Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series of changes to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ The exposure of the chip-tpmmutex was removed...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: tpm: fixed reference counting for struct tpmchip The following sequence of operations results in a refcount warning: 1. Open the device /dev/tpmrm. 2. Remove the module tpmtisspi. 3. Write a TPM command to the file descriptor...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: tpm: In tpmcrb, add acpiputtable to fix a memory leak. In crbacpiadd, we obtain the TPM2 table to retrieve information such as the start method, and then assign those values to private data. Therefore, the TPM2 table is not used...
Astra Linux – Vulnerability in Linux 5.10, Linux
A flaw was discovered in the Linux kernel’s implementation of proxied virtualized TPM devices. In a system where virtualized TPM devices are enabled which is not the default setting, a local attacker can exploit this flaw to create a “use-after-free” condition, potentially allowing them to escala...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up the TPM space after a command failure. tpmdevtransmit prepares the TPM space before attempting command transmission. However, if the command fails, no rollback of this preparation occurs. This can lead to transient...
Astra Linux – Vulnerability in edk2
A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in several ways, as well as to cause non-permanently DoS on the system...
Zero-Day Exploit Against Windows BitLocker
It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...
Nuvoton ECHD Key Security Update
Nuvoton has informed HP of a potential security vulnerability identified in Nuvoton TPM NPCT7xx models used in certain HP PC products, which might allow information disclosure. Nuvoton has released firmware mitigation for the potential vulnerability. HP has identified affected platforms and...
CVE-2026-6923
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
EUVD-2026-30328
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
CVE-2026-6923
CVE-2026-6923 describes a side-channel vulnerability affecting TPMs where physical access is required to extract an Elliptic Curve Diffie-Hellman (ECDH) key. The vulnerability stems from a physical side channel to the TPM that can lead to key leakage. Documented impact is confidentiality loss (ex...
CVE-2026-6923
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
Nuvoton NPCT7xx 安全漏洞
Nuvoton NPCT7xx is a series of TPM security controllers developed by Nuvoton Corporation in Taiwan, China, aimed at trusted computing and platform security management. Nuvoton NPCT7xx has security vulnerabilities, which stem from side-channel attacks and may lead to the extraction of elliptic cur...