Two vulnerabilities found by Quarkslab in the TPM2.0 reference implementation and reported in November 2022 have now been publicly disclosed and could affect billions of devices.
Who can be affected?
Large tech vendors
Organizations using enterprise PCs, many servers and embedded systems that include a TPM
What can you do next?
Last Tuesday, February 28th 2023, after a lengthy coordinated disclosure process, both CERT/CC and TCG published security advisories describing the issues and the solutions to be considered:
CERT: https://kb.cert.org/vuls/id/782720
TCG: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
Read more:

Two major vulnerabilities found in the TPM2.0 that could affect billion of devices


New Vulnerabilities Found in TPM 2.0 Library That Could be a Potential Threat to Billions of Devices
A pair of new vulnerabilities has been found in the TPM 2.0 library by cybersecurity company Quarkslab that has security experts worried, as both of the flaws have potentially far-reaching implications. The two vulnerabilities go under the CVE identifiers of CVE-2023-1017 and CVE-2023-1018, where...

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Researchers have uncovered 2 severe vulnerabilities in TPM 2.0 library that could impact billions of devices.

Errata for TPM Library Specification 2.0 | Trusted Computing Group
This document describes errata and clarifications for the TCG Trusted Platform Module Library Version 2.0 Revision 1.16, 1.38, and 1.59 as published. The information in this document is likely – but …
