all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption

Add to bookmarks
Feb. 28, 2023, 5:37 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).


Description


Trusted Platform Module (TPM) technology is a hardware-based solution …

access buffer buffer overflow command corruption data interface keys library memory memory corruption november overflow platform reference send sensitive data tcg tpm trigger trusted platform module vulnerabilities vulnerable

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 1 week, 5 days ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 week, 6 days ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 3 weeks, 5 days ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 1 week ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 3 weeks ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 4 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Technical Support Engineer - Cyber Security

@ Microsoft | Taipei, Taipei City, Taiwan
View on infosec-jobs.com

Senior Security Engineer

@ Workato | Barcelona, Spain
View on infosec-jobs.com

Regional Cybersecurity Specialist

@ Bayer | Singapore, Singapore, SG
View on infosec-jobs.com

Cyber Security Network Engineer

@ Nine | North Sydney, Australia
View on infosec-jobs.com

Professional, IAM Security

@ Ingram Micro | Manila Shared Services Center
View on infosec-jobs.com

Principal Windows Threat & Detection Security Researcher (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com
View more jobs