Severity
7.8 HIGH (NVD)
EPSS
1.1%
top 21.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 28
Latest update: Dec 24

Description

An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (13 packages)

CVEListV5: trusted_computing_group/tpm2.0 1.19, 1.38, 1.59 (+2)
NVD: microsoft/windows < 10.0.14393.5786 (+2)
NVD: microsoft/windows_10_1507 < 10.0.10240.19805
NVD: microsoft/windows_10_1607 < 10.0.14393.5786

🔴Vulnerability Details

6
OSV
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (2025-12-24)
OSV
netlink: annotate lockless accesses to nlk->max_recvmsg_len (2025-12-09)
OSV
libtpms vulnerabilities (2023-03-07)
CVEList
TPM2.0 vulnerable to out-of-bounds write (2023-02-28)
OSV
CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2 (2023-02-28)

📋Vendor Advisories

6
Red Hat
kernel: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (2025-12-24)
Red Hat
kernel: net/mlx5: Unregister devlink params in case interface is down (2025-10-01)
Microsoft
CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability (2023-03-14)
Ubuntu
Libtpms vulnerabilities (2023-03-07)
Red Hat
tpm: TCG TPM2.0 implementations vulnerable to memory corruption (2023-02-28)
CVE-2023-1017 — Out-of-bounds Write | cvebase