Description
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| trusted-platform-module | — | — |
| windows-10-1507 | — | 10.0.10240.19805 |
| windows-10-1607 | — | 10.0.14393.5786 |
| windows-10-1809 | — | 10.0.17763.4131 |
| windows-10-20h2 | — | 10.0.19042.2728 |
| windows-10-21h2 | — | 10.0.19044.2728 |
| windows-10-22h2 | — | 10.0.19045.2728 |
| windows-11-21h2 | — | 10.0.22000.1696 |
| windows-11-22h2 | — | 10.0.22621.1413 |
| windows-server-2016 | — | 10.0.14393.5786 |
| windows-server-2019 | — | 10.0.17763.4131 |
| windows-server-2022 | — | 10.0.20348.1607 |
References
Similar Threats
- Medium CVE-2023-1018
Exploit Protection
Help block exploit attempts
BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.
Try BotEraser Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.