MAGEIA-2023-102
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017) An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | libtpms | 0, 0.9.6-1.mga8, 0 |
| Mageia | amdgpupro-opencl-pal | 0, 20.20-0.1089974.2.mga9.nonfree |
Timeline
- Mar 18, 2023 CVE Updated
- Mar 18, 2023 CVE Published
- Mar 17, 2026 Distribution Patch
- Mar 17, 2026 Security Advisory
References
- Updated libtpms packages fix security vulnerability advisory
- Updated libtpms packages fix security vulnerability advisory
- Updated libtpms packages fix security vulnerability issue
- Updated libtpms packages fix security vulnerability issue
- New amdgpupro-opencl-pal package to download this proprietary driver advisory
- New amdgpupro-opencl-pal package to download this proprietary driver issue
- New amdgpupro-opencl-pal package to download this proprietary driver issue