CVE-2023-1018

Published: 28 Feb 2023
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

An out-of-bounds read vulnerability was found in the TPM 2.0 Module Library, which allows reading 2 bytes of data past the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/libtpms | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/libtpms | Will not fix | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libtpms | Affected | | |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2023:2757 | 16.05.2023 |
| Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2023:2757 | 16.05.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | virt-devel | Fixed | RHSA-2023:1833 | 18.04.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | virt | Fixed | RHSA-2023:1833 | 18.04.2023 |
| Red Hat Enterprise Linux 9 | libtpms | Fixed | RHSA-2023:2453 | 09.05.2023 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2149420 tpm2: TCG TPM2.0 implementations vulnerable to memory corruption

EPSS

Percentile: 49%
0.00257
Low

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

CVSS3: 5.5
nvd
more than 2 years ago

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

CVSS3: 8.8
msrc
more than 2 years ago

CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability

CVSS3: 5.5
debian
more than 2 years ago

An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...

github
more than 2 years ago

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
