The Trusted Platform Module (TPM) 2.0 Reference Library specification has revealed two serious security flaws that could lead to information disclosure and privilege escalation.
one of the vulnerabilities CVE-2023-1017for out-of-bounds writes, and the other for CVE-2023-1018, described as an out-of-range read. It was his Quarkslab, a cybersecurity company, that discovered and reported the issue in November 2022.
The Trusted Computing Group (TCG) said in an advisory, “These vulnerabilities can be triggered from user-mode applications by sending malicious commands to the TPM 2.0, whose firmware is based on the affected TCG reference implementation. may occur.
Large technology vendors and organizations using enterprise computers, servers, IoT devices, and embedded systems, including TPMs, could be affected by this flaw, Quarkslab said, adding that “billions of devices It can affect the ,” he added.
A TPM is a hardware-based solution (that is, a cryptographic processor) designed to provide secure cryptographic functions and physical security mechanisms to prevent tampering.
“The most common TPM features are used to measure system integrity and create and use keys,” Microsoft says in its documentation. “During the system boot process, the loaded boot code (including firmware and operating system components) can be measured and recorded in the TPM.”
“The integrity measurements can be used as evidence of how the system booted, confirming that TPM-based keys were used only when the correct software was used to boot the system.”
The TCG Consortium attributed these shortcomings to the lack of required length checking, which could result in buffer overflows and open avenues for local information disclosure and privilege escalation. pointed out that there is
We recommend applying updates released by TCG and other vendors to address defects and reduce supply chain risks.
“Users of high-assurance computing environments should consider using TPM remote authentication to detect changes to devices and ensure that the TPM is tamper-proof,” said the CERT Coordination Center (CERT /CC) says in the warning.
