VDB
GCVE-110-MAGEIA-2023-102
GCVE-110-MAGEIA-2023-102
Advisory Published
An out-of-bounds write vulnerability exists in TPM2.0's Module Library
allowing writing of a 2-byte data past the end of TPM2.0 command in the
CryptParameterDecryption routine. An attacker who can successfully exploit
this vulnerability can lead to denial of service (crashing the TPM
chip/process or rendering it unusable) and/or arbitrary code execution in
the TPM context. (CVE-2023-1017)
An out-of-bounds read vulnerability exists in TPM2.0's Module Library
allowing a 2-byte read past the end of a TPM2.0 command in the
CryptParameterDecryption routine. An attacker who can successfully exploit
this vulnerability can read or access sensitive data stored in the TPM.
(CVE-2023-1018)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | amdgpupro-opencl-pal | 0 (affected), 20.20-0.1089974.2.mga9.nonfree (unaffected) | — |
| Mageia | libtpms | 0 (affected), 0.9.6-1.mga8 (unaffected), 0 (affected), 0.9.6-1.mga8 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.