exploitDog

CVE-2023-1017

Published: 28 Feb 2023
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | virt:rhel/libtpms | Affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/libtpms | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/libtpms | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libtpms | Will not fix | | |
| Red Hat Enterprise Linux 8.6 Extended Update Support | virt-devel | Fixed | RHSA-2023:1833 | 18.04.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | virt | Fixed | RHSA-2023:1833 | 18.04.2023 |
| Red Hat Enterprise Linux 9 | libtpms | Fixed | RHSA-2023:2453 | 09.05.2023 |

Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2149416 tpm: TCG TPM2.0 implementations vulnerable to memory corruption

EPSS

Percentile: 45%
0.00223
Low

7.1 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 2 years ago

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

CVSS3: 7.8
nvd
more than 2 years ago

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

CVSS3: 8.8
msrc
more than 2 years ago

CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability

CVSS3: 7.8
debian
more than 2 years ago

An out-of-bounds write vulnerability exists in TPM2.0's Module Library ...

CVSS3: 7.8
github
more than 2 years ago

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
