Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2023-1018

Published: 28 February 2023

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Notes

AuthorNote
mdeslaur
This is VU#782720

Priority

Medium

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
libtpms
Launchpad, Ubuntu, Debian
bionic Does not exist

jammy
Released (0.9.3-0ubuntu1.22.04.1)
kinetic
Released (0.9.3-0ubuntu1.22.10.1)
trusty Ignored
(end of standard support)
upstream
Released (0.9.6)
xenial Ignored
(end of standard support)
focal Does not exist

Patches:
upstream: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N