An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105203 | Third Party Advisory VDB Entry |
https://www.usenix.org/conference/usenixsecurity18/presentation/han | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-17T18:00:00
Updated: 2018-09-05T09:57:01
Reserved: 2018-02-04T00:00:00
Link: CVE-2018-6622
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-17T18:29:01.227
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-6622
JSON object: View
Redhat Information
No data.
CWE