Two separate vulnerabilities have been found in the Trusted Platform Module (TPM) 2.0 reference implementation. They could lead to information disclosure or privilege escalation.
At a basic level, a TPM is a hardware-based technology that provides secure cryptographic functions to modern operating systems and helps protect them against tampering.
The flaws, which affect revisions 1.59, 1.38 and 1.16 of the TPM 2.0 library specification's reference implementation code, were first discovered by security researchers at Quarkslab in November. Earlier this week, the company completed a coordinated disclosure process with the CERT Coordination Center (CERT/CC) and the Trusted Computing Group (TCG), the industry consortium that publishes the TPM 2.0 library specification.
Both flaws are triggered when the TPM processes a malicious TPM 2.0 command carrying encrypted parameters, and both lie in the `CryptParameterDecryption` function defined in the TCG reference implementation.
The first vulnerability (CVE-2023-1018) is an out-of-bounds read bug, and the second vulnerability (tracked CVE-2023-1017) is defined as an out-of-bounds write.
“These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on the affected TCG reference implementation,” the TCG said. “The TPM Workgroup’s ongoing analysis may identify additional instances, potentially increasing the scope of potential vulnerabilities.”
According to the CERT/CC advisory, the flaws allow read-only access to sensitive data (CVE-2023-1018) or the overwriting of normally protected data that is only available to the TPM, such as cryptographic keys (CVE-2023-1017).
Prior to public disclosure, TCG updated its Errata for the TPM 2.0 Library Specification with guidance on how to fix the defects.
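To make the class of bug concrete, here is an added illustration written for this article; it is not the TCG reference code and does not reproduce the exact check inside `CryptParameterDecryption`, which the article does not quote. It models a 2-byte size-prefixed (TPM2B-style) encrypted parameter being validated against the remaining command buffer, showing a bounds check that forgets the bytes already consumed by the size field beside the corrected check. The return codes, function names and sample buffers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes loosely modelled on TPM_RC values (constructed for this example). */
enum { RC_SUCCESS = 0, RC_INSUFFICIENT = 1, RC_SIZE = 2 };

/* Command parameters in TPM 2.0 are TPM2B structures: a 2-byte big-endian
   size followed by that many bytes of data. */
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Vulnerable pattern: the size check compares the claimed ciphertext length
   against the whole remaining buffer, forgetting that the 2-byte size field
   has just been consumed. A parameter whose claimed size equals bufferSize is
   accepted, and the decryption that follows touches 2 bytes past the end of
   the command buffer. *param_end receives the offset (from the start of
   buffer) at which decryption would stop. */
int check_param_vulnerable(const uint8_t *buffer, size_t bufferSize, size_t *param_end)
{
    if (bufferSize < 2)
        return RC_INSUFFICIENT;
    uint16_t cipherSize = be16(buffer);
    if (cipherSize > bufferSize)          /* off by the 2-byte header */
        return RC_SIZE;
    *param_end = 2 + (size_t)cipherSize;
    return RC_SUCCESS;
}

/* Hardened pattern: shrink bufferSize by the bytes already consumed before
   comparing, so the ciphertext can never extend past the buffer. */
int check_param_hardened(const uint8_t *buffer, size_t bufferSize, size_t *param_end)
{
    if (bufferSize < 2)
        return RC_INSUFFICIENT;
    uint16_t cipherSize = be16(buffer);
    bufferSize -= 2;                      /* account for the size field */
    if (cipherSize > bufferSize)
        return RC_SIZE;
    *param_end = 2 + (size_t)cipherSize;
    return RC_SUCCESS;
}

/* How many bytes past the buffer a check lets decryption run: -1 if the input
   was rejected, 0 if accepted and in bounds, >0 for an overrun. */
static int overrun_bytes(int (*check)(const uint8_t *, size_t, size_t *),
                         const uint8_t *buf, size_t n)
{
    size_t end = 0;
    if (check(buf, n, &end) != RC_SUCCESS)
        return -1;
    return end > n ? (int)(end - n) : 0;
}

/* Constructed inputs. MALICIOUS claims 16 bytes of ciphertext inside a buffer
   that is only 16 bytes long including the size field; BENIGN claims 14;
   TRUNCATED is too short to hold a size field. Zero bytes stand in for
   ciphertext. */
static const uint8_t MALICIOUS[16] = { 0x00, 0x10 };
static const uint8_t BENIGN[16]    = { 0x00, 0x0E };
static const uint8_t TRUNCATED[1]  = { 0x00 };

int vulnerable_overrun_malicious(void) { return overrun_bytes(check_param_vulnerable, MALICIOUS, sizeof MALICIOUS); }
int hardened_overrun_malicious(void)   { return overrun_bytes(check_param_hardened,   MALICIOUS, sizeof MALICIOUS); }
int vulnerable_overrun_benign(void)    { return overrun_bytes(check_param_vulnerable, BENIGN,    sizeof BENIGN); }
int hardened_overrun_benign(void)      { return overrun_bytes(check_param_hardened,   BENIGN,    sizeof BENIGN); }
int hardened_overrun_truncated(void)   { return overrun_bytes(check_param_hardened,   TRUNCATED, sizeof TRUNCATED); }

int main(void)
{
    printf("malicious: vulnerable check overruns by %d bytes, hardened returns %d\n",
           vulnerable_overrun_malicious(), hardened_overrun_malicious());
    printf("benign:    vulnerable %d, hardened %d\n",
           vulnerable_overrun_benign(), hardened_overrun_benign());
    return 0;
}
```

The point of the model is the asymmetry: a benign parameter passes both checks identically, so the bug is invisible in normal operation, while a crafted size field equal to the remaining buffer slips past the first check and makes the decryption step read, and then write decrypted bytes, just past the end of the command buffer. That read/write pair is the level at which the article describes the two CVEs.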
“To ensure system security, users should apply updates provided by hardware and software manufacturers through the supply chain as soon as possible,” writes CERT.
“You may need to update the firmware of your TPM chip. This can be done through your OS vendor or Original Equipment Manufacturer (OEM). You may need to reset to factory defaults.”
For more information on hardware security, see this piece by Infosecurity Associate Editor James Coker.