Billions of Devices at Risk: Two Buffer Overflow Flaws Found in TPM 2.0 Specification
TPM 2.0 and Its Importance in Security
The Trusted Platform Module (TPM) 2.0 specification, a hardware-based technology that gives operating systems tamper-resistant cryptographic functions, is facing security concerns after Quarkslab researchers Francisco Falcon and Ivan Arce discovered two buffer overflow vulnerabilities in it.
The vulnerabilities, tracked as CVE-2023-1017 (out-of-bounds write) and CVE-2023-1018 (out-of-bounds read), could affect billions of devices and result in information disclosure or escalation of privileges. Windows requires a TPM for some security features, such as Measured Boot, Device Encryption, Windows Defender System Guard (DRTM), and Device Health Attestation, but not for other, more commonly used ones. Nonetheless, when a TPM is present, Windows security features rely on it to protect sensitive information and encrypt data, so a flaw inside the TPM undermines those guarantees.
Discovering the Vulnerabilities in TPM 2.0
The vulnerabilities arise from how the reference code that accompanies the specification processes the parameters of some TPM commands: each flaw allows two bytes to be read from or written past the end of a command buffer. An authenticated local attacker can trigger them by sending maliciously crafted commands to the TPM, which, according to the security bulletin by Trusted Computing Group (TCG), the developer of the TPM specification, could allow code execution within the TPM and result in information disclosure or escalation of privileges. The CERT Coordination Center has published an alert about the vulnerabilities and has been notifying vendors for months to raise awareness while mapping the impact. So far, only a handful of entities have confirmed that they are affected.
The practical impact depends on what a vendor's implementation keeps in the memory adjacent to the command buffer, i.e., whether it is unused or holds live data such as keys. Lenovo is the only major OEM to have issued a security advisory about the two TPM flaws so far, warning that CVE-2023-1017 affects some of its systems that use Nuvoton TPM 2.0 chips. Although the flaws require authenticated local access to a device, malware already running on the device meets that condition. Because the TPM is meant to be a hardened enclave that is shielded even from malware on the host, the practical importance of these vulnerabilities should not be downplayed.
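The flawed parameter handling behind the two CVEs, modelled in C as an added example (this is not code from the page, from TCG, or from Quarkslab). In the reference implementation's CryptParameterDecryption routine, the 2-byte TPM2B size field of the first command parameter is read, the pointer advances past it, and the announced size is then compared against the full parameter length instead of the length that remains, so the in-place decryption can touch two bytes past the end of the command. The function names, the XOR stand-in for the decryption step, the guard-byte harness and the command bytes are all simplified constructs for illustration; only the off-by-two comparison is the point.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TPM_RC_SUCCESS 0x000
#define TPM_RC_SIZE    0x095   /* TPM 2.0 Part 2 value for "structure is the wrong size" */

/* Stand-in for parameter decryption: XOR in place with a fixed mask, as the
   XOR obfuscation mode of TPM parameter encryption does. Only the length
   logic is relevant to the bug. */
static void xor_decrypt(uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] ^= 0xA5;
}

/* Flawed check, modelled on the bug fixed for CVE-2023-1017/CVE-2023-1018:
   cipherSize is compared with bufferSize even though the 2-byte size field
   has already been consumed, so cipherSize == bufferSize is accepted and the
   decryption runs 2 bytes past the end of the parameter area. */
static int decrypt_param_vulnerable(uint8_t *buffer, size_t bufferSize) {
    if (bufferSize < 2) return TPM_RC_SIZE;
    uint16_t cipherSize = (uint16_t)((buffer[0] << 8) | buffer[1]);
    buffer += 2;
    if (cipherSize > bufferSize) return TPM_RC_SIZE;      /* BUG: off by the size field */
    xor_decrypt(buffer, cipherSize);
    return TPM_RC_SUCCESS;
}

/* Corrected check: the announced size must fit in what remains after the size field. */
static int decrypt_param_fixed(uint8_t *buffer, size_t bufferSize) {
    if (bufferSize < 2) return TPM_RC_SIZE;
    uint16_t cipherSize = (uint16_t)((buffer[0] << 8) | buffer[1]);
    buffer += 2;
    if (cipherSize > bufferSize - 2) return TPM_RC_SIZE;  /* accounts for the consumed 2 bytes */
    xor_decrypt(buffer, cipherSize);
    return TPM_RC_SUCCESS;
}

#define PARAM_LEN 8   /* bytes the constructed command parameter area really carries */
#define GUARD_LEN 2   /* sentinel bytes placed right after it to detect an overrun */

/* Builds a constructed parameter area whose TPM2B size field claims PARAM_LEN
   bytes (2 more than actually follow the size field), runs the given checker,
   stores its return code and returns how many guard bytes were modified. */
static int run_case(int (*decrypt)(uint8_t *, size_t), int *rc_out) {
    uint8_t cmd[PARAM_LEN + GUARD_LEN];
    memset(cmd, 0x11, PARAM_LEN);
    cmd[0] = 0x00; cmd[1] = PARAM_LEN;            /* crafted size == bufferSize */
    memset(cmd + PARAM_LEN, 0xEE, GUARD_LEN);     /* guard region past the buffer */
    *rc_out = decrypt(cmd, PARAM_LEN);
    int clobbered = 0;
    for (int i = 0; i < GUARD_LEN; i++)
        if (cmd[PARAM_LEN + i] != 0xEE) clobbered++;
    return clobbered;
}

/* Number of bytes written past the parameter area by the given checker. */
static int overrun_bytes(int (*decrypt)(uint8_t *, size_t)) {
    int rc; return run_case(decrypt, &rc);
}

/* Return code the given checker produces for the crafted command. */
static int return_code(int (*decrypt)(uint8_t *, size_t)) {
    int rc; run_case(decrypt, &rc); return rc;
}

int main(void) {
    printf("vulnerable: rc=0x%03x, guard bytes clobbered=%d\n",
           return_code(decrypt_param_vulnerable), overrun_bytes(decrypt_param_vulnerable));
    printf("fixed:      rc=0x%03x, guard bytes clobbered=%d\n",
           return_code(decrypt_param_fixed), overrun_bytes(decrypt_param_fixed));
    return 0;
}
```

The flawed path accepts the crafted size and overwrites both guard bytes; the corrected path rejects the command with TPM_RC_SIZE and touches nothing. In a real TPM, whatever the vendor's firmware keeps in those two bytes past the command buffer decides whether the overrun is harmless, leaks data, or corrupts protected state, which is why the advisories say the impact is implementation-dependent.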
Impact and Recommendations for Users and Vendors
Users are advised to limit physical access to their devices to trusted users, run only signed applications from reputable vendors, and apply firmware updates as soon as they become available for their devices. Affected vendors must move to a fixed version of the specification: TPM 2.0 v1.59 Errata version 1.4 or higher, TPM 2.0 v1.38 Errata version 1.13 or higher, or TPM 2.0 v1.16 Errata version 1.6 or higher. Because the fix lives in TPM firmware, a device stays exposed until its OEM or TPM vendor ships an update; there is no operating-system-level mitigation for the flaws themselves. The TPM vulnerabilities are a reminder of the importance of keeping firmware up to date and of safeguarding sensitive data against such risks.
Source: bleepingcomputer.com