CVE-2023-1017

Published: 28/02/2023 Updated: 01/04/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

An out-of-bounds write vulnerability exists in the TPM 2.0 Module Library that allows 2 bytes of data to be written past the end of a TPM 2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Vulnerable Product

trustedcomputinggroup trusted platform module 2.0

microsoft windows 10 1809

microsoft windows 10 20h2

microsoft windows 11 21h2

microsoft windows 10 21h2

microsoft windows 10 22h2

microsoft windows 10 1607

microsoft windows 10 1507

microsoft windows server 2016

microsoft windows 11 22h2

microsoft windows server 2019

microsoft windows server 2022

Vendor Advisories

Debian Bug report logs - #1032420 libtpms: CVE-2023-1017 CVE-2023-1018 Package: src:libtpms; Maintainer for src:libtpms is Seunghun Han <kkamagui@gmail.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 6 Mar 2023 13:09:01 UTC Severity: grave Tags: security, upstream Found in version libtpms/09 ...
Synopsis Moderate: libtpms security update Type/Severity Security Advisory: Moderate Topic An update for libtpms is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a se ...
Synopsis Moderate: virt:rhel and virt-devel:rhel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise L ...
Synopsis Important: OpenShift Container Platform 4132 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Description: An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope ...

Github Repositories

This repository has information on how to upgrade from vSphere 7u3 to vSphere 8u1

Table of Contents vSphere 8 & 8u1 Announcements & Documentation a Helpful Videos & Blog Posts b General Documentation c Useful Links vSphere 8 & 8u1 New Features a Highlights from vCenter & ESXi 8u1 Release Notes b vSphere Distributed Services Engine c vSphere with Tanzu d Lifecycle Management e Artificial Intelligence &

This repository has information on how to upgrade from vSphere 7u3 to vSphere 8u2

Table of Contents vSphere 8 & 8u1 Announcements & Documentation a Helpful Videos & Blog Posts b General Documentation c Useful Links vSphere 8 & 8u1 New Features a Highlights from vCenter & ESXi 8u1 Release Notes b Highlights from vCenter & ESXi 8u2 Release Notes c vSphere Distributed Services Engine d vSphere with Tanzu e

Recent Articles

Crims exploit Microsoft, Fortinet flaws before any patches exist
The Register

The outlook is grim for Outlook - and SAP, Adobe, Android, and Chrome - so get ready for a long update party

Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix. First up: prioritize patching CVE-2023-23397, a privilege elevation bug in Microsoft Outlook that received a 9.8 out of 10 CVSS rating. While details of the hole haven't been publicly disclosed, it has already been exploited in the wild, and Microsoft lists its...