CVE-2023-1018Out-of-bounds Read in Computing Group Tpm2.0

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow12 documents9 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.6%
top 29.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Libtpms Project LibtpmsMicrosoft Windows 10 1507Microsoft Windows 10 1607+11 more
Timeline
PublishedFeb 28
Latest updateJan 24

Description

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

CVEListV5trusted_computing_group/tpm2.01.16, 1.38, 1.59+2
NVDmicrosoft/windows< 10.0.14393.5786+2
NVDmicrosoft/windows_10_1507< 10.0.10240.19805
NVDmicrosoft/windows_10_1607< 10.0.14393.5786

🔴Vulnerability Details

4
OSV
libtpms vulnerabilities2023-03-07
OSV
CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM22023-02-28
CVEList
TPM2.0 vulnerable to out-of-bounds read2023-02-28
GHSA
GHSA-cr8w-xxqw-fm2m: An out-of-bounds read vulnerability exists in TPM22023-02-28

📋Vendor Advisories

5
Red Hat
libxls: heap buffer overflow in xls_parseWorkBook() in xls.c2023-08-15
Microsoft
CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability2023-03-14
Ubuntu
Libtpms vulnerabilities2023-03-07
Red Hat
tpm2: TCG TPM2.0 implementations vulnerable to memory corruption2023-02-28
Debian
CVE-2023-1018: libtpms - An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a...2023

💬Community

1
Bugzilla
CVE-2023-51043 kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c2024-01-24
CVE-2023-1018 — Out-of-bounds Read | cvebase