Showing 1 - 4 of 4

CVE-2023-22745

Status Candidate

Overview

tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.

Related Files

Red Hat Security Advisory 2024-4408-03: Posted Jul 9, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4408-03 - An update for tpm2-tss is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-22745; SHA-256 | 29438d2bb58a7c83391b1aa94314baf5fab981379bdc95e83f6cdfa449820550; Download | Favorite | View

Ubuntu Security Notice USN-6796-1: Posted May 30, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6796-1 - Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. Jurgen Repp and Andreas Fuchs discovered that TPM2 Software Stack did not validate the quote data after deserialization. An attacker could generate an arbitrary quote and cause TPM2 Software Stack to have unknown behavior.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-22745, CVE-2024-29040; SHA-256 | dcfbc23cf3c552a9a4744b58987227f1e79944f37c015bfecba48473b02cb673; Download | Favorite | View

Red Hat Security Advisory 2023-7166-01: Posted Nov 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7166-01 - An update for tpm2-tss is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-22745; SHA-256 | a767a15f5ac7705c943d9cab13ace0ba1001f53e976ca65a5897ba233224848c; Download | Favorite | View

Red Hat Security Advisory 2023-6685-01: Posted Nov 13, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-6685-01 - An update for tpm2-tss is now available for Red Hat Enterprise Linux 9.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-22745; SHA-256 | 015f7303fa0dc8e06a5677294e7aac2ecc517e85ad7081124380154d86b042f1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 226 files
Ubuntu 86 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,374)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,287)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,660)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

CVE-2023-22745

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems