CVE-2023-1018: TPM2.0 vulnerable to out-of-bounds read
An out-of-bounds read vulnerability exists in TPM2.0's Module Library, allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
Other sources
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
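The description above says the routine reads 2 bytes past the end of the command; in a length-prefixed (TPM2B-style) parameter the first 2 bytes are the size field, so the natural defensive pattern is to refuse to read that field unless the remaining command buffer actually contains it, and then to refuse a size that claims more data than remains. The following is an added example written for this page, not the TCG reference code or the Microsoft implementation: the function and constant names, the return codes, and the sample command bytes are all constructed here, and the interpretation of the 2-byte read as the size prefix is an assumption, not something this page states.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Return codes loosely modelled on TPM_RC values; these names are
 * constructed for this example and are not the library's own. */
#define RC_OK        0
#define RC_SIZE      1   /* size field claims more data than the buffer holds */
#define RC_TRUNCATED 2   /* buffer too short to even contain the 2-byte size field */

/* Read a big-endian 16-bit value (TPM2B sizes are big-endian). */
static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Hardened parser for one size-prefixed parameter at `buf`, where `remaining`
 * is how many bytes of the command are left. The first check is the one a
 * 2-byte over-read past the end of the command implies was missing: the size
 * field is only read when both of its bytes are inside the buffer. */
int parse_sized_param(const uint8_t *buf, size_t remaining,
                      const uint8_t **out, uint16_t *out_len) {
    if (buf == NULL || remaining < 2)       /* size field must be fully present */
        return RC_TRUNCATED;
    uint16_t size = read_be16(buf);
    if ((size_t)size > remaining - 2)       /* data must fit in what follows */
        return RC_SIZE;
    *out = buf + 2;
    *out_len = size;
    return RC_OK;
}

/* Walk a sequence of size-prefixed parameters, tracking the remaining length
 * at every step. Returns the number of parameters parsed, or the negated
 * return code of the first parameter that fails validation. */
int count_sized_params(const uint8_t *buf, size_t len) {
    int n = 0;
    while (len > 0) {
        const uint8_t *data;
        uint16_t dlen;
        int rc = parse_sized_param(buf, len, &data, &dlen);
        if (rc != RC_OK)
            return -rc;
        buf += 2 + dlen;
        len -= 2 + (size_t)dlen;
        n++;
    }
    return n;
}

/* Constructed sample command tails (not real TPM traffic):
 * CMD_OK:    a 3-byte parameter "abc" followed by an empty (size 0) parameter
 * CMD_SHORT: the second parameter's size field is cut to a single byte
 * CMD_OVER:  a size field claiming 5 bytes when only 1 byte follows */
static const uint8_t CMD_OK[]    = {0x00, 0x03, 'a', 'b', 'c', 0x00, 0x00};
static const uint8_t CMD_SHORT[] = {0x00, 0x03, 'a', 'b', 'c', 0x00};
static const uint8_t CMD_OVER[]  = {0x00, 0x05, 'a'};

int main(void) {
    printf("CMD_OK    -> %d\n", count_sized_params(CMD_OK, sizeof CMD_OK));       /* 2 */
    printf("CMD_SHORT -> %d\n", count_sized_params(CMD_SHORT, sizeof CMD_SHORT)); /* -2 */
    printf("CMD_OVER  -> %d\n", count_sized_params(CMD_OVER, sizeof CMD_OVER));   /* -1 */
    return 0;
}
```

The point of carrying `remaining` through every call is that the check is made before the size field is dereferenced rather than after; an implementation that reads the size first and only then compares it against the buffer length has already performed the over-read the advisory describes. The same two checks (field present, then size fits) apply to any length-prefixed structure parsed out of an attacker-supplied command.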
CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability
Affected Software
Event History
Frequently Asked Questions
What is CVE-2023-1018?
CVE-2023-1018 is an out-of-bounds read vulnerability in TPM2.0's Module Library, allowing unauthorized access to sensitive data stored in the TPM.
How severe is CVE-2023-1018?
CVE-2023-1018 has a severity score of 8.8, indicating a critical vulnerability.
Which software versions are affected by CVE-2023-1018?
Windows 11 (21H2 and 22H2), Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows 10 (all versions) are affected by CVE-2023-1018.
How can I patch CVE-2023-1018?
You can patch CVE-2023-1018 by applying the appropriate security update from Microsoft or Trusted Computing Group, depending on the affected software.
Where can I get more information about CVE-2023-1018?
You can find more information about CVE-2023-1018 on the Microsoft Security Response Center (MSRC) website, Bugzilla, and Red Hat advisory.