- Security researchers at Quarkslab have identified two buffer overflow vulnerabilities in the Trusted Platform Module (TPM) that could be exploited.
- An attacker with access to a device that has a susceptible TPM version may be able to exploit it by giving it specific commands.
- To address these issues, the Trusted Computing Group (TCG) has published an update to their Errata for TPM 2.0 Library Standard.
Two buffer overflow flaws were discovered by security researchers at Quarkslab in the Trusted Platform Module (TPM), which might give a malicious actor access to sensitive data that is generally protected or read-only. The microcontroller chip called the Trusted Platform Module is used for its hardware-based security capabilities to safeguard sensitive data on a computer system. People recently knew more about the TPM module since Microsoft made it a requirement for Windows 11 installation.
How the vulnerability works
The “Session-based encryption” described in the TPM Library Standard Architecture enables a cryptographic client program to carry out a variety of tasks, including those that offer Parameter Encryption capabilities.
Two flaws, which can be tracked as CVE-2023-1017 and CVE-2023-1018, in the way the TPM reference specification handles certain of these parameters that are a component of TPM instructions were discovered by Quarkslab security researchers. An Out Of Bound (OOB) read vulnerability in the CryptParameterDecryption() procedure permitted 2-byte read access to data that was not part of the current session. Moreover, it was possible to write 2 bytes past the end of the active command buffer without causing memory damage.
If a device has a vulnerable TPM version, an attacker with access to it may be able to take advantage of a flaw in the TPM by sending it particular commands. The TPM might be tricked into accessing data that wasn’t intended to be accessed in this way. It can be difficult to identify or stop such unwanted access using conventional host-based security measures because the operating system depends on the TPM firmware to carry out these tasks.
Solution
The Trusted Computing Group (TCG) has released an update to their Errata for TPM 2.0 Library Specification with instructions, so OEMs can address these vulnerabilities. The fixed versions of the specifications can be seen below:
- TPM 2.0 v1.59 Erreta version 1.4 or newer
- TPM 2.0 v1.38 Errata version 1.13 or newer
- TPM 2.0 v1.16 Errata version 1.6 or newer
However, it will likely take some time for the vendors to release the fixed firmware. Keep your eye on your vendor’s website for an update, or contact them.