
New Vulnerabilities in TPM 2.0 May Affect IoT and Enterprise Devices

The Trusted Platform Module (TPM) 2.0 library was found affected by two vulnerabilities that could pose threats to billions of IoT and enterprise devices. The flaws could allow threat actors to access or overwrite sensitive data, such as cryptographic keys.

At a basic level, TPM is hardware that provides tamper-resistant cryptographic functions to operating systems such as Windows and Linux.

About the vulnerabilities

The flaws, discovered by Quarkslab’s researchers Francisco Falcon and Ivan Arce, are related to buffer overflow issues.
  • The first vulnerability is tracked as CVE-2023-1017 and is an out-of-bounds read issue. The second is designated as CVE-2023-1018, which is an out-of-bounds write issue.
  • The flaws occur in the ‘CryptParameterDecryption’ function when it handles TPM 2.0 commands with encrypted parameters, and can be triggered by sending maliciously crafted commands.
  • According to a security bulletin by TCG, the developer of the TPM specification, these flaws could lead to information disclosure or escalation of privileges. 
  • Furthermore, the vulnerability can allow an attacker with access to a TPM command interface to overwrite protected data on the system.

Affected versions

  • Large tech vendors and organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws. 
  • So far, Lenovo has issued a security advisory that warns that CVE-2023-1017 impacts some of its systems running on Nuvoton TPM 2.0 chips. 

While the vulnerabilities can be exploited by gaining authenticated access to a device, the conditions can also be met with malware running on the device.

Recommendations

Users are advised to limit physical access to their devices to trusted users. Moreover, the impacted vendors can update to the suggested versions of TPM 2.0 v1.59, v1.38, and v1.16 (for Errata) to address the issues.
Cyware Publisher