1. Home
  2. CVE Database
  3. CVE-2020-12926
MEDIUM · 6.4

CVE-2020-12926

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM...

Vulnerability Description

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmdTrusted Platform Modules Reference-

Related Weaknesses (CWE)

CWE-367

References

FAQ

What is CVE-2020-12926?

CVE-2020-12926 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM...

How severe is CVE-2020-12926?

CVE-2020-12926 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12926?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Trusted Platform Modules Reference.