Two buffer overflow vulnerabilities uncovered in TPM 2.0
Two buffer overflow vulnerabilities in the Trusted Platform Module (TPM) 2.0 specification could allow attackers to access or replace sensitive data such as cryptographic keys.
Quarkslab security researchers uncovered the vulnerabilities in the Trusted Platform Module (TPM) 2.0 reference library specification, sparking a massive cross-vendor effort to identify and patch vulnerable installations. According to a Carnegie Mellon CERT Coordination Center advisory, the vulnerabilities, CVE-2023-1017 and CVE-2023-1018, allow an authenticated, local attacker to overwrite protected data in the TPM firmware and launch code execution attacks.
When Quarkslab researchers Francisco Falcon and Ivan Arce announced the discovery of additional vulnerabilities in TPM 2.0, they warned that the flaws could affect billions of devices. They claim that these issues are the result of how the specification handles the parameters for some TPM instructions. An authenticated local attacker can use either of them to execute code by sending maliciously constructed commands to the TPM.
This discovery is concerning because TPM technology is used in a wide range of devices, from specialized enterprise-grade hardware to Internet of Things (IoT) appliances. Software-based TPM implementations have also grown in popularity alongside cloud computing and virtualization.
To complicate things, Carnegie Mellon University’s CERT Coordination Center issued an alert warning that an exploit leveraging these vulnerabilities would be essentially “undetectable” by both the devices themselves and the best antivirus software. The two flaws are in the way the TPM reference spec handles parameters that are part of TPM commands.
“An Out Of Bound (OOB) read vulnerability in the CryptParameterDecryption() routine allowed a 2-byte read access to data that was not part of the current session. It was also possible to write 2-bytes past the end of the current command buffer resulting in corruption of memory,” the center warned.
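The missing bounds check behind this class of flaw, as an added example that is not from the article or the TPM reference code: a constructed parameter area with a 2-byte big-endian size prefix, parsed once without and once with length checks. The function names, the `avail` parameter and the XOR stand-in for decryption are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PARAM_OK        0
#define PARAM_ERR_SIZE  (-1)

/* Stand-in for in-place parameter decryption (assumption: XOR, not a real cipher). */
static void transform(uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] ^= 0x5A;
}

/* Unchecked: reads the 2-byte size prefix without confirming the parameter
 * area holds 2 bytes, then trusts that size for the in-place write. */
int decrypt_param_unchecked(uint8_t *buf, size_t avail) {
    (void)avail;                                  /* length is never consulted */
    size_t size = ((size_t)buf[0] << 8) | buf[1];
    transform(buf + 2, size);
    return PARAM_OK;
}

/* Checked: the prefix and the declared size must both fit in the area. */
int decrypt_param_checked(uint8_t *buf, size_t avail) {
    if (buf == NULL || avail < 2) return PARAM_ERR_SIZE;
    size_t size = ((size_t)buf[0] << 8) | buf[1];
    if (size > avail - 2) return PARAM_ERR_SIZE;
    transform(buf + 2, size);
    return PARAM_OK;
}

/* Constructed input: a 1-byte parameter area (mem[0]) inside an 8-byte backing
 * array, so the stray access stays in valid memory and can be counted.
 * Returns how many bytes beyond the parameter area were modified. */
size_t bytes_changed_past(int (*fn)(uint8_t *, size_t)) {
    uint8_t mem[8] = {0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    const uint8_t before[8] = {0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    size_t changed = 0;
    fn(mem, 1);
    for (size_t i = 1; i < 8; i++) changed += (mem[i] != before[i]);
    return changed;
}

int main(void) {
    printf("unchecked: %zu bytes modified past the area\n",
           bytes_changed_past(decrypt_param_unchecked));
    printf("checked:   %zu bytes modified past the area\n",
           bytes_changed_past(decrypt_param_checked));
    return 0;
}
```

The unchecked parser takes its size from a byte outside the 1-byte area and rewrites two more bytes beyond it; the checked parser rejects the input before touching memory.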
It’s also important to note that malware could be used to exploit these flaws, so users should make sure Microsoft Defender is up to date and turned on. However, for added security, users may want to consider one of the best Windows 11 antivirus software solutions.
Organizations concerned about these flaws are therefore encouraged to upgrade to one of the following fixed versions: TPM 2.0 v1.59 Errata version 1.4 or higher, TPM 2.0 v1.38 Errata version 1.13 or higher, and TPM 2.0 v1.16 Errata version 1.6 or higher. While these flaws require authenticated local access to a device, keep in mind that malware running on the device would meet that requirement.
The sources for this piece include an article in BleepingComputer.