CVE-2018-6622: High severity trusted computing group trusted platform module (tpm) vulnerability
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
Affected Software
Event History
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-6622.
What is the severity of CVE-2018-6622?
The severity of CVE-2018-6622 is high with a score of 7.1.
Which software is affected by CVE-2018-6622?
The Trusted Computing Group Trusted Platform Module (TPM) version 2.0 is affected by CVE-2018-6622.
What is the impact of this vulnerability?
This firmware vulnerability can cause issues during the S3 sleep state in BIOS firmware that makes a certain realistic interpretation of an obscure portion of the TCG TPM 2.0 specification.
Where can I find more information about CVE-2018-6622?
More information about CVE-2018-6622 can be found at the following references: [securityfocus.com](http://www.securityfocus.com/bid/105203) and [usenix.org](https://www.usenix.org/conference/usenixsecurity18/presentation/han).