Response to TCG TPM2.0 Errata ID: TCGVRT0007 and CVE-2023-1017 and CVE-2023-1018
sei-vsarvepalli opened this issue
Hello WolfSSL TPM Crew,
Can you please consider a response to these two vulnerabilities disclosed by @CERTCC https://kb.cert.org/vuls/id/782720
We have tried to reach your PSIRT but have so far not been able to get a response. Your response is appreciated. @JacobBarthelmeh is the only contact we have reached out to.
Thanks
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
Hi @sei-vsarvepalli ,
This came to my attention yesterday, and I reviewed the TCGVRT0007-Advisory-FINAL.pdf
and the CERT/CC reports. These vulnerabilities do not affect wolfTPM. It only affects software TPM (swtpm). There should also be no issues with any physical TPM devices.
The vulnerabilities are in the TPM reference code "CryptParameterDecryption()". The issue is on the TPM side, in the handling of arguments where the length is not checked, which allows an attacker to read or write two bytes past the buffer.
Thanks,
David Garske, wolfSSL