CVE-2023-1018

Summary

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Affected Software

VendorProductVersion RangeStatus
Trusted Computing GroupTPM2.01.59affected
Trusted Computing GroupTPM2.01.38affected
Trusted Computing GroupTPM2.01.16affected

Weaknesses

  • CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References