CVE-2023-1017
Published 2023-02-28
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Affected
41 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtpms | < libtpms 0.9.2-3.1 (bookworm) | libtpms 0.9.2-3.1 (bookworm) |
| libtpms_project | libtpms | >= 0 < 0.9.2-3.1 | 0.9.2-3.1 |
| libtpms_project | libtpms | >= 0 < 0.9.2-3.1 | 0.9.2-3.1 |
| libtpms_project | libtpms | >= 0 < 0.9.2-3.1 | 0.9.2-3.1 |
| libtpms_project | libtpms | >= 0 < 0.9.3-0ubuntu1.22.04.1 | 0.9.3-0ubuntu1.22.04.1 |
| linux | linux_kernel | >= 0 < 5.4.235 | 5.4.235 |
| linux | linux_kernel | >= 3.15.0 < 5.10.218 | 5.10.218 |
| linux | linux_kernel | >= 5.11.0 < 5.15.160 | 5.15.160 |
| linux | linux_kernel | >= 5.11.0 < 5.15.99 | 5.15.99 |
| linux | linux_kernel | >= 5.16.0 < 6.1.24 | 6.1.24 |
| linux | linux_kernel | >= 5.16.0 < 6.1.16 | 6.1.16 |
| linux | linux_kernel | >= 5.18.0 < 6.2.3 | 6.2.3 |
| linux | linux_kernel | >= 5.5.0 < 5.10.173 | 5.10.173 |
| linux | linux_kernel | >= 6.2.0 < 6.2.11 | 6.2.11 |
| microsoft | windows_10_1507 | < 10.0.10240.19805 | 10.0.10240.19805 |
| microsoft | windows_10_1607 | < 10.0.14393.5786 | 10.0.14393.5786 |
| microsoft | windows_10_1809 | < 10.0.17763.4131 | 10.0.17763.4131 |
| microsoft | windows_10_20h2 | < 10.0.19042.2728 | 10.0.19042.2728 |
| microsoft | windows_10_21h2 | < 10.0.19044.2728 | 10.0.19044.2728 |
| microsoft | windows_10_22h2 | < 10.0.19045.2728 | 10.0.19045.2728 |
| microsoft | windows_11_21h2 | < 10.0.22000.1696 | 10.0.22000.1696 |
| microsoft | windows_11_22h2 | < 10.0.22621.1413 | 10.0.22621.1413 |
| microsoft | windows_server_2016 | < 10.0.14393.5786 | 10.0.14393.5786 |
| microsoft | windows_server_2019 | < 10.0.17763.4131 | 10.0.17763.4131 |
| microsoft | windows_server_2022 | < 10.0.20348.1607 | 10.0.20348.1607 |
CVSS provenance
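| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |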