TPM2.0 vulnerable to out-of-bounds write
CVE-2023-1017

7.8HIGH

Key Information:

Vendor: Trusted Computing Group
Status: Tpm2.0
Vendor: CVE Published:; 28 February 2023

🔔 Create Trusted Computing Group Vulnerability Alert

What is CVE-2023-1017?

An out-of-bounds write vulnerability in the TPM2.0 Module Library can be exploited due to improper handling of data in the CryptParameterDecryption routine. This flaw allows an attacker to write 2 bytes of data past the boundaries of the TPM2.0 command, potentially resulting in a denial of service. This can crash the TPM chip or process and may also enable arbitrary code execution within the TPM context, posing significant risks to systems relying on trusted computing features.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TPM2.0 1.59

TPM2.0 1.38

TPM2.0 1.19

References

https://trustedcomputinggroup.org/wp-content/uploads/TCGV...

https://trustedcomputinggroup.org/about/security/

https://kb.cert.org/vuls/id/782720

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Francisco Falcon of Quarkslab

JSON

Trusted Computing Group

What is CVE-2023-1017?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.