Two
vulnerabilities
affecting
the
Trusted
Platform
Module
(TPM)
2.0
library
could
potentially
lead
to
information
disclosure
or
privilege
escalation.
The
Trusted
Computing
Group
(TCG)
is
warning
of
two
vulnerabilities
affecting
the
implementations
of
the
Trusted
Platform
Module
(TPM)
2.0
that
could
potentially
lead
to
information
disclosure
or
privilege
escalation.
The
Trusted
Platform
Module
(TPM)
technology
is
a
hardware-based
solution
that
provides
secure
cryptographic
functions
to
the
operating
systems
on
modern
computers,
making
it
resistant
to
tampering.
An
attacker
who
has
access
to
a
TPM-command
interface
can
exploit
the
flaws
sending
maliciously-crafted
commands
to
the
module.
Both
vulnerabilities
were
reported
in
November
2022
by
cybersecurity
firm
Quarkslab.
“An
authenticated,
local
attacker
could
send
maliciously
crafted
commands
to
a
vulnerable
TPM
allowing
access
to
sensitive
data.
In
some
cases,
the
attacker
can
also
overwrite
protected
data
in
the
TPM
firmware.
This
may
lead
to
a
crash
or
arbitrary
code
execution
within
the
TPM.”
reads
the
alert
published
by
the
CERT
Coordination
Center
(CERT/CC).
“Because
the
attacker’s
payload
runs
within
the
TPM,
it
may
be
undetectable
by
other
components
of
the
target
device.”
The
first
issue,
tracked
as CVE-2023-1017,
is
an
out-of-bounds
write.
The
second
vulnerability,
tracked
as CVE-2023-1018,
is
described
as
an
out-of-bounds
read.
“The
buffer
overflows
occur
on
the
buffer
passed
to
the
ExecuteCommand()
entry
point
(detailed
in
Part
4
of
the
spec.)
CVE-2023-1017
may
allow
an
attacker
to
write
2
bytes
past
the
end
of
that
buffer.
Those
2
bytes
can
be
written,
with
attacker-specified
values,
and
therefore
the
impact
assessment
depends
on
what
is
at
that
memory
location,
which
may
vary
across
various
TPM
implementations
&
vendors.”
reads
the
advisory.
“In
some
implementations
the
two
bytes
in
question
may
be
unused
memory
(e.g.
in
case
of
certain
static
buffers),
or
it
could
have
live
data
(e.g.
if
the
buffer
is
on
the
stack.)
CVE-2023-1018
may
allow
an
attacker
to
read
2
bytes
past
the
end
of
that
buffer.”
Quarkslab researchers
pointed
out
that
the
vulnerabilities
could
potentially
affect
billions
of
devices,
including
IoT
devices,
servers,
and
embedded
systems.
“Two
vulnerabilities
found
by
Quarkslab in
the
TPM2.0
reference
implementation
and
reported
in
November
2022
are
now
publicly
revealed
and could
affect
Billions
of
devices.”
states
Quarkslab.
“Users
in
high-assurance
computing
environments
should
consider
using
TPM
Remote
Attestation
to
detect
any
changes
to
devices
and
ensure
their
TPM
is
tamper
proofed.”
concludes
the
CERT
Coordination
Center
(CERT/CC).
Follow
me
on
Twitter:
@securityaffairs
and
Facebook
and
Mastodon
(SecurityAffairs –
hacking,
Trusted
Platform
Module)
Share
On
About Author
