TPM2.0 Module Library Out-of-Bounds Read Vulnerability

TPM2.0 Module Library Out-of-Bounds Read Vulnerability

CVE-2023-1018 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Learn more about our Web Application Penetration Testing UK.