Vulnerabilities in the TPM 2.0 reference implementation code
Posted: Wed Oct 16, 2024 6:50 am
In this blog post we discuss the details of two vulnerabilities we discovered in the Trusted Platform Module (TPM) 2.0 reference implementation code. These two vulnerabilities, an out-of-bounds write (CVE-2023-1017) and an out-of-bounds read (CVE-2023-1018), affected several TPM 2.0 software implementations (such as the ones used by virtualization software) as well as a number of hardware TPMs.
https://blog.quarkslab.com/vulnerabilit ... -code.html
https://blog.quarkslab.com/vulnerabilit ... -code.html