VDB

MAGEIA-2023-102

MAGEIA-2023-102 PUBLISHED

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017) An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

Affected Products

VendorProductVersions
Mageialibtpms0, 0.9.6-1.mga8, 0
Mageiaamdgpupro-opencl-pal0, 20.20-0.1089974.2.mga9.nonfree

Timeline

  • Mar 18, 2023 CVE Updated
  • Mar 18, 2023 CVE Published
  • Mar 17, 2026 Distribution Patch
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›