Lucene search
K

516 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43808

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locality leak occurs in the tpm i2c infineon component. When the get burstcount function returns -EBUSY due to a timeout, it exits immediately without releasing the locality previously...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the getburstcount function in tpm/tpmi2cinfineon. When this function returns -EBUSY due to timeout, the...

5.8AI score0.00123EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.10 views

CVE-2026-45871

tpm: st33zp24: Fix missing cleanup on getburstcount error...

5.8AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the st33zp24 TPM driver. This vulnerability occurs when the getburstcount function returns an...

5.8AI score0.00163EPSS
Exploits0References8
Fedora
Fedora
added 2026/05/21 1:28 a.m.13 views

[SECURITY] Fedora 43 Update: opencryptoki-3.26.0-3.fc43

Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...

6.8CVSS5.8AI score0.00162EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 12:57 a.m.13 views

[SECURITY] Fedora 44 Update: opencryptoki-3.26.0-3.fc44

Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...

6.8CVSS5.8AI score0.00162EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series of changes to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ The exposure of the chip-tpmmutex was removed...

4.7CVSS6.1AI score0.00224EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: tpm: fixed reference counting for struct tpmchip The following sequence of operations results in a refcount warning: 1. Open the device /dev/tpmrm. 2. Remove the module tpmtisspi. 3. Write a TPM command to the file descriptor...

7.8CVSS6.2AI score0.00281EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: tpm: In tpmcrb, add acpiputtable to fix a memory leak. In crbacpiadd, we obtain the TPM2 table to retrieve information such as the start method, and then assign those values to private data. Therefore, the TPM2 table is not used...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A flaw was discovered in the Linux kernel’s implementation of proxied virtualized TPM devices. In a system where virtualized TPM devices are enabled which is not the default setting, a local attacker can exploit this flaw to create a “use-after-free” condition, potentially allowing them to escala...

7.8CVSS6.7AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up the TPM space after a command failure. tpmdevtransmit prepares the TPM space before attempting command transmission. However, if the command fails, no rollback of this preparation occurs. This can lead to transient...

5.5CVSS6.6AI score0.00219EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in edk2

A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in several ways, as well as to cause non-permanently DoS on the system...

7.8CVSS6.6AI score0.01165EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2026/05/18 11:8 a.m.20 views

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

5.8AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2026/05/15 12:0 a.m.22 views

Nuvoton ECHD Key Security Update

Nuvoton has informed HP of a potential security vulnerability identified in Nuvoton TPM NPCT7xx models used in certain HP PC products, which might allow information disclosure. Nuvoton has released firmware mitigation for the potential vulnerability. HP has identified affected platforms and...

3.8CVSS5.8AI score0.00117EPSS
Exploits0Affected Software64
NVD
NVD
added 2026/05/14 5:16 p.m.37 views

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS0.00117EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:14 p.m.8 views

CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:14 p.m.10 views

EUVD-2026-30328

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:14 p.m.44 views

CVE-2026-6923

CVE-2026-6923 describes a side-channel vulnerability affecting TPMs where physical access is required to extract an Elliptic Curve Diffie-Hellman (ECDH) key. The vulnerability stems from a physical side channel to the TPM that can lead to key leakage. Documented impact is confidentiality loss (ex...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:14 p.m.7 views

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Nuvoton NPCT7xx 安全漏洞

Nuvoton NPCT7xx is a series of TPM security controllers developed by Nuvoton Corporation in Taiwan, China, aimed at trusted computing and platform security management. Nuvoton NPCT7xx has security vulnerabilities, which stem from side-channel attacks and may lead to the extraction of elliptic cur...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
Rows per page
Query Builder