all InfoSec news
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).
Description
Trusted Platform Module (TPM) technology is a hardware-based solution …
access buffer buffer overflow command corruption data interface keys library memory memory corruption november overflow platform reference send sensitive data tcg tpm trigger trusted platform module vulnerabilities vulnerable