Overview
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).
Description
Trusted Platform Module (TPM) technology is a hardware-based solution that provides secure cryptographic functions to the operating systems on modern computers, making it resistant to tampering. As cloud computing and virtualization have become more popular in recent years, software-based TPM implementations have also gained popularity. TPM can be implemented in the form of Discrete, Integrated or Firmware TPM in its hardware form. The virtual TPM's exists in Hypervisor form or in a purely software-based TPM implementation e.g., swtpm. The Trusted Computing Group (TCG) is responsible for maintaining the TPM specifications, which are actively contributed to by both hardware and software manufacturers. The TCG released the TPM 2.0 specifications in October 2014 and has since revised them multiple times. The latest version, Revision 01.59, was released in November 2019. Many TPM hardware and software manufacturers use these specifications to build firmware that complies with standards and provides a secure interface to sensitive cryptographic data. TPM is employed in a variety of devices, from specialized enterprise-grade hardware to Internet of Things (IoT) appliances.
The TPM Library Specification Architecture documents "Session-based encryption" ..
Support the originator by clicking the read the rest link below.
