Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

tpm2.0 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3

CVE-2017-7524

tpm2-tools versions prior to 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
Tpm 2.0 Tools Tpm2-toolsTpm2-tools Project Tpm2.0-tools
NA

CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata 1.83 of TCG standard TPM2.0
Trusted Computing Group Tpm2.0
7.8
CVSSv3

CVE-2023-1017

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashin...
Trusted Computing Group Tpm2.0Trustedcomputinggroup Trusted Platform Module 2.0Microsoft Windows 10 1507Microsoft Windows 10 1607Microsoft Windows 10 1809Microsoft Windows 10 20h2Microsoft Windows 10 21h2Microsoft Windows 10 22h2Microsoft Windows 11 21h2Microsoft Windows 11 22h2Microsoft Windows Server 2016Microsoft Windows Server 2019
5.5
CVSSv3

CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the ...
Trusted Computing Group Tpm2.0Trustedcomputinggroup Trusted Platform Module 2.0Microsoft Windows 10 1507Microsoft Windows 10 1607Microsoft Windows 10 1809Microsoft Windows 10 20h2Microsoft Windows 10 21h2Microsoft Windows 10 22h2Microsoft Windows 11 21h2Microsoft Windows 11 22h2Microsoft Windows Server 2016Microsoft Windows Server 2019
4.3
CVSSv3

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
Tpm2-software Tpm2-tools
9
CVSSv3

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows malicious users to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots a...
Tpm2 Software Tpm2 ToolsTpm2-software Tpm2-tools
7.1
CVSSv3

CVE-2020-8918

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions before 0.3.0 can lead an eavesdropping malicious user to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect bot...
Google Llc Google/go-tpm LibraryGoogle Go-tpm
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
injectCVE-2025-51381IDORnvidiaCVE-2025-4123CVE-2025-2783CVE-2025-30678remote attackersCVE-2025-48443kcm3100CVE-2025-6196tarteaucitron.ioadrian ladóearch icon">CVE-2023-33538
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook