Newly Discovered Vulnerabilities in TPM 2.0 Specification Could Compromise Billions of Devices

It is a mandatory requirement for Windows 11, and yeah ... TPM2 has a nasty vulnerability. Quarkslab, a cybersecurity specialist, has identified two buffer overflow vulnerabilities in the TPM 2.0 specification that attackers can exploit to gain access to sensitive data, including cryptographic keys.

These vulnerabilities, known as CVE-2023-1017 and CVE-2023-1018, affect the reference implementation of the TPM 2.0 specification and could impact billions of devices. Both vulnerabilities are caused by the way certain TPM commands are handled and can be exploited by an authenticated local attacker to obtain information or elevated privileges. While it is not yet clear which manufacturers are affected, TPM 2.0 is a key system requirement for Windows 11. It is important to note that exploiting these backdoors requires local access, but malware can be used to infect the TPM.

"An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities," warned CERT.

"This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys)."

The solution for impacted vendors is to move to a fixed version of the specification, which includes one of the following:

• TMP 2.0 v1.59 Errata version 1.4 or higher
• TMP 2.0 v1.38 Errata version 1.13 or higher
• TMP 2.0 v1.16 Errata version 1.6 or higher

When it comes to the two TPM vulnerabilities, Lenovo is the only large OEM to have released a security advisory, warning that CVE-2023-1017 affects some of its systems operating on Nuvoton TPM 2.0 chips.