CVE-2023-1018 - OpenCVE

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 10 21h2 Windows 10 20h2 Windows 10 1607 Windows 10 22h2 Windows Server 2022 Windows Server 2016 Windows 10 1507 Windows Server 2019 Windows 11 22h2 Windows 10 1809 Windows 11 21h2
Trustedcomputinggroup	Trusted Platform Module

Configuration 1 [-]

OR	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16::::::
	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38::::::
	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59::::::

Configuration 2 [-]

OR	cpe:2.3:o:microsoft:windows_10_1507:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1607:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_20h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_21h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_22h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_11_21h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_11_22h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::

References

Link	Resource
https://kb.cert.org/vuls/id/782720	Third Party Advisory US Government Resource
https://trustedcomputinggroup.org/about/security/	Vendor Advisory
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2023-02-28T17:54:33.260Z

Updated: 2023-02-28T19:08:19.512Z

Reserved: 2023-02-24T16:06:48.994Z

Link: CVE-2023-1018

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-02-28T18:15:10.290

Modified: 2024-04-01T15:50:11.033

Link: CVE-2023-1018

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*", "matchCriteriaId": "AC453113-CAE8-44B0-8306-7BB854B77EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*", "matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269", "vulnerable": true}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*", "matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", "matchCriteriaId": "3FE6559F-B4C0-4188-86CB-4DB6FBB85A5C", "versionEndExcluding": "10.0.10240.19805", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "matchCriteriaId": "93CEF0C6-6B6E-4157-A763-89F570FE0AB7", "versionEndExcluding": "10.0.14393.5786", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "matchCriteriaId": "3001E324-7A3C-4EEB-86DC-E79471F752BD", "versionEndExcluding": "10.0.17763.4131", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "579AE0F1-E226-4504-9BF8-05E7BAE682D7", "versionEndExcluding": "10.0.19042.2728", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "D41F5E5B-D344-41B1-A160-8118DDB623C3", "versionEndExcluding": "10.0.19044.2728", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "BA59AB71-F8C7-49B0-AD2F-F9C00D82C85A", "versionEndExcluding": "10.0.19045.2728", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "6D06089A-31F7-44C7-98CB-216ABAD280A4", "versionEndExcluding": "10.0.22000.1696", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", "matchCriteriaId": "7BB45E5C-C74C-46B1-BE64-4EF90075A3CC", "versionEndExcluding": "10.0.22621.1413", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "40EFB742-9414-4585-A71E-4316D488BFA7", "versionEndExcluding": "10.0.14393.5786", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "D19233CA-3830-499D-A4C0-2C023C8AD700", "versionEndExcluding": "10.0.17763.4131", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA73D25B-EB4C-4493-9C79-4F4E181FF95B", "versionEndExcluding": "10.0.20348.1607", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."}], "id": "CVE-2023-1018", "lastModified": "2024-04-01T15:50:11.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-28T18:15:10.290", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/782720"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/about/security/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}