Trusted Computing Group Tpm2.0 vulnerabilities
3 known vulnerabilities affecting trusted_computing_group/tpm2.0.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-2884MEDIUMCVSS 6.6fixed in 1.832025-06-10
CVE-2025-2884 [MEDIUM] CWE-125 CVE-2025-2884: TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds r
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
nvd
CVE-2023-1017HIGHCVSS 7.8v1.59v1.38+1 more2023-02-28
CVE-2023-1017 [HIGH] CWE-787 CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution
nvd
CVE-2023-1018MEDIUMCVSS 5.5v1.59v1.38+1 more2023-02-28
CVE-2023-1018 [MEDIUM] CWE-125 CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past th
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
nvd