Description
CERT/CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
CVE-2025-2884 concerns a vulnerability in the TCG TPM2.0 Reference implementation: the CryptHmacSign helper function is vulnerable to an out-of-bounds read because the signature scheme is not validated against the signature key's algorithm.
CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates in TCG TPM2.0 Reference implementation which address this vulnerability. Please see CVE-2025-2884 for more information.
Updates
| Product | Article | Update |
|---|---|---|
| Windows 11 Version 22H2 for x64-based Systems | ||
| Windows 11 Version 23H2 for x64-based Systems | ||
| Windows Server 2022, 23H2 Edition (Server Core installation) | ||
| Windows 11 Version 24H2 for x64-based Systems | ||
| Windows Server 2025 | ||
| Windows Server 2025 (Server Core installation) | ||
| Windows 11 Version 25H2 for x64-based Systems | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to an out-of-bounds read due to the lack of validation of the signature scheme against the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0.
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to an out-of-bounds read due to the lack of validation of the signature scheme against the signature key's algorithm. See Errata 1.83 of TCG standard TPM2.0.
EPSS
CVSS3: 5.3 Medium