CVE-2023-1017
CVE-2023-1017 describes an out-of-bounds write in CryptParameterDecryption in the TPM 2.0 Module Library. A local attacker could crash the TPM or gain arbitrary code execution in the TPM context. Affected scope includes TPM 2.0 implementations via libtpms in VM TPM support, as well as TPM modules. Public details ...
CVE-2023-1018
CVE-2023-1018 is an out-of-bounds read in TPM 2.0’s Module Library (CryptParameterDecryption) that could allow a local attacker to read sensitive data stored in the TPM. Connected advisories confirm a local, authenticated access scenario and note TPM exposure on affected IBM Power firmware (Power...
CVE-2018-6622
CVE-2018-6622 describes a TPM 2.0 BIOS firmware issue where an abnormal S3 resume can cause TPM 2.0 to clear PCRs, potentially allowing a local attacker to overwrite PCRs and bypass seal/unseal and remote attestation. HP and Lenovo advisories reference this vulnerability as a local security issue...
CVE-2020-26933
CVE-2020-26933 concerns the Trusted Computing Group TPM Library Family 2.0 (library revisions 1.38–1.59). The issue is an Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED, where improper initialization may render the TPM vulnerable to a dictionary attack. The core...