Researchers have found two vulnerabilities affecting TPM 2.0 that, if exploited, could compromise device security and expose sensitive data. An adversary could use the flaws to gain elevated privileges and perform malicious actions such as manipulating cryptographic keys.
TPM 2.0 Vulnerabilities Risked Security
Researchers Francisco Falcon and Ivan Arce from Quarkslab discovered two severe vulnerabilities in the Trusted Platform Module (TPM) 2.0.
TPM is a tamper-resistant hardware security component that lets operating systems enforce security through cryptographic keys. Although several TPM versions exist and are used across many devices, TPM 2.0 became far more widespread after Microsoft made it a requirement for running Windows 11 – its latest version.
Although TPM 2.0 is relatively new, it already ships in billions of recent computers, so any vulnerability in it directly affects the security of those devices.
According to the CERT Coordination Center (CERT/CC) advisory, the two vulnerabilities the researchers found are:
- CVE-2023-1017 – an out-of-bounds write vulnerability in the CryptParameterDecryption routine that lets an attacker write 2 bytes past the end of the TPM 2.0 command buffer. Exploiting it could cause a denial of service or lead to code execution.
- CVE-2023-1018 – an out-of-bounds read flaw in the CryptParameterDecryption routine that lets an attacker read 2 bytes past the end of the TPM 2.0 command buffer, potentially exposing sensitive data.
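Both flaws are instances of one defect class: a length taken from the command itself is trusted without first checking it against the bytes actually present, so a few bytes beyond the buffer get read or written. The following C block is an added illustration of the defensive check, not the TPM 2.0 reference implementation and not the actual routine's layout (which this page does not describe). It assumes a constructed parameter encoding (a big-endian 16-bit size followed by that many ciphertext bytes), uses an XOR keystream as a stand-in for the real parameter cipher, and shows the two bounds checks that keep every read and write inside the command buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not the TPM 2.0 reference code. A command
 * carries a size-prefixed encrypted parameter: a big-endian 16-bit size
 * followed by that many bytes of ciphertext (layout assumed here). The
 * routine decrypts the parameter in place with a stand-in XOR keystream.
 *
 * `size` comes from the caller-controlled command, so it is validated
 * against the bytes actually present before any byte is read or written.
 * Without these checks, a size field 2 bytes larger than the remaining
 * buffer would make the loop read and write 2 bytes past the end of the
 * command, which is the defect class the advisory describes. */

/* Returns the number of payload bytes decrypted, or -1 if the size field
 * or the payload it declares would lie outside the command buffer. */
int decrypt_param_checked(uint8_t *cmd, size_t cmdLen, size_t offset,
                          const uint8_t *key, size_t keyLen)
{
    if (keyLen == 0)
        return -1;
    /* Check 1: the 2-byte size field itself must be inside the buffer. */
    if (offset > cmdLen || cmdLen - offset < 2)
        return -1;
    size_t size = ((size_t)cmd[offset] << 8) | cmd[offset + 1];
    /* Check 2: the declared payload must not extend past the command. */
    if (size > cmdLen - offset - 2)
        return -1;
    uint8_t *payload = cmd + offset + 2;
    for (size_t i = 0; i < size; i++)
        payload[i] ^= key[i % keyLen];   /* stand-in for the real cipher */
    return (int)size;
}

static const uint8_t demo_key[] = {0x5a, 0xa5};   /* constructed key */

/* Well-formed command: size 4, four payload bytes. Expect 4. */
int demo_fits(void)
{
    uint8_t cmd[] = {0x00, 0x04, 0x01, 0x02, 0x03, 0x04};
    return decrypt_param_checked(cmd, sizeof cmd, 0, demo_key, sizeof demo_key);
}

/* Size field claims 6 bytes but only 4 follow: an unchecked loop would
 * touch 2 bytes past the buffer. Expect -1 (rejected). */
int demo_overrun(void)
{
    uint8_t cmd[] = {0x00, 0x06, 0x01, 0x02, 0x03, 0x04};
    return decrypt_param_checked(cmd, sizeof cmd, 0, demo_key, sizeof demo_key);
}

/* Command truncated inside the size field itself. Expect -1. */
int demo_truncated(void)
{
    uint8_t cmd[] = {0x00};
    return decrypt_param_checked(cmd, sizeof cmd, 0, demo_key, sizeof demo_key);
}

/* Decrypting twice with an XOR keystream restores the original bytes, and
 * bytes outside the parameter are never modified. Returns 1 on success. */
int demo_roundtrip(void)
{
    uint8_t cmd[] = {0xff, 0x00, 0x03, 0x10, 0x20, 0x30, 0xee};
    uint8_t orig[sizeof cmd];
    memcpy(orig, cmd, sizeof cmd);
    if (decrypt_param_checked(cmd, sizeof cmd, 1, demo_key, sizeof demo_key) != 3)
        return 0;
    if (cmd[3] == orig[3] || cmd[0] != orig[0] || cmd[6] != orig[6])
        return 0;
    if (decrypt_param_checked(cmd, sizeof cmd, 1, demo_key, sizeof demo_key) != 3)
        return 0;
    return memcmp(cmd, orig, sizeof cmd) == 0;
}

int main(void)
{
    printf("fits=%d overrun=%d truncated=%d roundtrip=%d\n",
           demo_fits(), demo_overrun(), demo_truncated(), demo_roundtrip());
    return 0;
}
```

The order of the two checks matters: the size field must be confirmed to be inside the buffer before it is read, otherwise the check itself performs the out-of-bounds read it is meant to prevent. Firmware reviewers and fuzzers targeting command parsers typically exercise exactly the three constructed inputs above: a size that fits, one that overshoots by a few bytes, and a command cut off inside a length field.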
The Trusted Computing Group (TCG), which develops the TPM specification, also confirmed that exploiting the bugs could allow information disclosure and privilege escalation.
Vulnerabilities Patched
Following this discovery, the researchers reported the matter to the CERT Coordination Center (CERT/CC) and TCG, which then passed the issue on to TPM vendors.
Despite the prompt report, only a few vendors have so far acknowledged that their products are affected by these vulnerabilities.
For its part, TCG has released an update to its Errata for the TPM 2.0 Library Specification with instructions for patching the vulnerabilities. Users must apply the relevant hardware and software security updates to receive the fixes. OEMs and OS vendors may also need to update the TPM chip firmware and reset the TPM to factory settings to address the issues.