Quarkslab cybersecurity experts have discovered two vulnerabilities in the implementation of Trusted Platform Module (TPM) 2.0 that pose a potential threat to billions of computers with such chips.
TPM 2.0 chips have been installed on computer motherboards since mid-2016. Microsoft-specified technology is required for the implementation of security-related functions — the chip allows to generate and store cryptographic keys, as well as to restrict access to them. TPM 2.0 is designed to provide hardware-level security and greatly reduce the likelihood of hacking.
Vulnerabilities found in the reference implementation of TPM 2.0 technology received numbers CVE-2023-1017 And CVE-2023-1018 – They allow you to write or read data outside of the allocated buffer. The actual extent of the threat to affected machines depends on their manufacturers.
The error is caused by the improper operation of the mechanism for passing data to the ExecuteCommand() function, which allows writing two bytes beyond the buffer limit. Trusted Computing Group (TCG), responsible for developing the TPM specification warned (PDF)that, in general, exploiting vulnerabilities gives attackers access to protected information, allows it to be overwritten and increases their privileges in the system.
The bug has been fixed in the latest versions of the specification: TPM 2.0 v1.59 Errata 1.4 and later, v1.38 Errata 1.13 and later, and v1.16 Errata 1.6 and later. The vulnerabilities also affected the libtpms library developed for TPM software emulation – the bug has been fixed in the release libtpms 0.9.6.