CVE-2023-1017

Summary

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Affected Software

VendorProductVersion RangeStatus
Trusted Computing GroupTPM2.01.59affected
Trusted Computing GroupTPM2.01.38affected
Trusted Computing GroupTPM2.01.19affected

Weaknesses

  • CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References