Vulnerability CVE-2023-1017: Information

Description

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-1017
Published: Feb. 28, 2023
Modified: April 1, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libtpmssisyphus0.9.6-alt10.9.6-alt1ALT-PU-2023-1896-1321955Fixed
libtpmssisyphus_e2k0.9.6-alt10.9.6-alt1ALT-PU-2023-3706-1-Fixed
libtpmssisyphus_riscv640.9.6-alt10.9.6-alt1ALT-PU-2023-3718-1-Fixed
libtpmsp100.9.6-alt10.9.6-alt1ALT-PU-2023-1933-1322023Fixed
libtpmsp10_e2k0.9.6-alt10.9.6-alt1ALT-PU-2023-3803-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://kb.cert.org/vuls/id/782720
  • Third Party Advisory
  • US Government Resource
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
  • Vendor Advisory
https://trustedcomputinggroup.org/about/security/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*
      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*
      cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
      End excliding
      10.0.17763.4131
      cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19042.2728
      cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.22000.1696
      cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19044.2728
      cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.19045.2728
      cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
      End excliding
      10.0.14393.5786
      cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
      End excliding
      10.0.10240.19805
      cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
      End excliding
      10.0.14393.5786
      cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
      End excliding
      10.0.22621.1413
      cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
      End excliding
      10.0.17763.4131
      cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
      End excliding
      10.0.20348.1607
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top