CVE-2023-1018 — MEDIUM (5.5)

Q: How severe is CVE-2023-1018?

CVE-2023-1018 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1018?

Check the references section above for vendor advisories and patch information. Affected products include: Trustedcomputinggroup Trusted Platform Module, Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 20H2.

Vulnerability Description

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Trustedcomputinggroup	Trusted Platform Module	2.0
Microsoft	Windows 10 1507	< 10.0.10240.19805
Microsoft	Windows 10 1607	< 10.0.14393.5786
Microsoft	Windows 10 1809	< 10.0.17763.4131
Microsoft	Windows 10 20H2	< 10.0.19042.2728
Microsoft	Windows 10 21H2	< 10.0.19044.2728
Microsoft	Windows 10 22H2	< 10.0.19045.2728
Microsoft	Windows 11 21H2	< 10.0.22000.1696
Microsoft	Windows 11 22H2	< 10.0.22621.1413
Microsoft	Windows Server 2016	< 10.0.14393.5786
Microsoft	Windows Server 2019	< 10.0.17763.4131
Microsoft	Windows Server 2022	< 10.0.20348.1607

Related Weaknesses (CWE)

CWE-125

References

https://kb.cert.org/vuls/id/782720Third Party AdvisoryUS Government Resource
https://trustedcomputinggroup.org/about/security/Vendor Advisory
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pVendor Advisory
https://kb.cert.org/vuls/id/782720Third Party AdvisoryUS Government Resource
https://trustedcomputinggroup.org/about/security/Vendor Advisory
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pVendor Advisory
https://www.kb.cert.org/vuls/id/782720

FAQ

What is CVE-2023-1018?

CVE-2023-1018 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully ...

How severe is CVE-2023-1018?

CVE-2023-1018 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1018?

Check the references section above for vendor advisories and patch information. Affected products include: Trustedcomputinggroup Trusted Platform Module, Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 20H2.