An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
{ "binaries": [ { "binary_name": "libtpms-dev", "binary_version": "0.9.3-0ubuntu1.22.04.1" }, { "binary_name": "libtpms0", "binary_version": "0.9.3-0ubuntu1.22.04.1" }, { "binary_name": "libtpms0-dbgsym", "binary_version": "0.9.3-0ubuntu1.22.04.1" } ], "availability": "No subscription required" }