Vulnerability CVE-2023-1018: Information

Description

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-1018
Published: Feb. 28, 2023
Modified: April 1, 2024
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libtpmssisyphus0.9.6-alt10.9.6-alt1ALT-PU-2023-1896-1321955Fixed
libtpmssisyphus_e2k0.9.6-alt10.9.6-alt1ALT-PU-2023-3706-1-Fixed
libtpmssisyphus_riscv640.9.6-alt10.9.6-alt1ALT-PU-2023-3718-1-Fixed
libtpmsp100.9.6-alt10.9.6-alt1ALT-PU-2023-1933-1322023Fixed
libtpmsp10_e2k0.9.6-alt10.9.6-alt1ALT-PU-2023-3803-1-Fixed
libtpmsp110.9.6-alt10.9.6-alt1ALT-PU-2023-1896-1321955Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://kb.cert.org/vuls/id/782720
  • Third Party Advisory
  • US Government Resource
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
  • Vendor Advisory
https://trustedcomputinggroup.org/about/security/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*
      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*
      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
      End excliding
      10.0.17763.4131
      cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19042.2728
      cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.22000.1696
      cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19044.2728
      cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19045.2728
      cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
      End excliding
      10.0.14393.5786
      cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
      End excliding
      10.0.10240.19805
      cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
      End excliding
      10.0.14393.5786
      cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.22621.1413
      cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
      End excliding
      10.0.17763.4131
      cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
      End excliding
      10.0.20348.1607
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top