CVE-2020-26933: High severity trusted computing group trusted platform module (tpm) vulnerability
Published Nov 18, 2020
·Updated
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USEDAUSED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
Affected Software
3 affected components
Trustedcomputinggroup Trusted Platform Module=2.0-revision_1.38
Trustedcomputinggroup Trusted Platform Module=2.0-revision_1.40
Trustedcomputinggroup Trusted Platform Module=2.0-revision_1.59
Event History
Nov 18, 2020
CVE Published
via MITRE·04:50 PM
Data Sourced
via MITRE·04:50 PM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2020-26933?
The severity of CVE-2020-26933 is high.
2
How does CVE-2020-26933 affect Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0?
CVE-2020-26933 affects Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 by allowing incorrect access control during a non-orderly TPM shut-down.
3
How can CVE-2020-26933 be exploited?
CVE-2020-26933 can be exploited through a dictionary attack.
4
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-26933?
The CWE ID for CVE-2020-26933 is 665.
5
How can I fix CVE-2020-26933?
To fix CVE-2020-26933, ensure that the Trusted Platform Module Library Family 2.0 is updated to the latest version.