New Vulnerabilities Found in TPM 2.0 Library That Could be a Potential Threat to Billions of Devices

TheLostSwede · Mar 7, 2023

A pair of new vulnerabilities has been found in the TPM 2.0 library by cybersecurity company Quarkslab, that has security experts worried, as both of the flaws have potential far reaching implications. The two vulnerabilities go under the CVE identifiers of CVE-2023-1017 and CVE-2023-1018, where the first one allows for out-of-bounds writes, whereas the second one enables out-of-bounds reads, also known as buffer overflow vulnerabilities. This in itself might not sound particularly concerning, but as both can be triggered from user-mode applications, they're a pretty big deal, as it would enable malicious commands to be sent to a TPM 2.0 module, which could in turn enable malicious software to be installed on the device with the TPM 2.0 module.

According to Quarkslab, billions of devices could be affected, as TPM 2.0 authentication modules are used in everything from servers to IoT devices and has been the main hardware-based crypto solution for almost a decade by now. The attacker using the vulnerabilities would have to know what they're doing to be able to take advantage of these two flaws in TPM 2.0, but as it relies on the TPM command interface, there's no easy way to protect against an attack, if someone has gained user access to the system in question. The Trusted Computing Group (TCG) which is in charge of the TPM standard, has already issued an errata which includes instructions on how to address the two vulnerabilities and we're like to see updates from all major hardware vendors as they see fit.

View at TechPowerUp Main Site | Source

Assimilator · Mar 7, 2023

You'd expect that an organisation that's supposed to be about security would be able to write code that does bounds checking properly, but apparently not...

TumbleGeorge · Mar 7, 2023

Assimilator said:
You'd expect that an organisation that's supposed to be about security would be able to write code that does bounds checking properly, but apparently not...

Oh, it's quite obvious that they are pushing us to buy motherboards and other devices with updated versions of hardware TPM chips. There are no random things, only greed.

ThrashZone · Mar 7, 2023

Hi,
But wait onedrive to the rescue it's just a disposable devise right :laugh:

lexluthermiester · Mar 7, 2023

TheLostSwede said:
A pair of new vulnerabilities have been found in the TPM 2.0 library

Gee golly darn, who saw THIS coming...

Assimilator said:
You'd expect that an organisation that's supposed to be about security would be able to write code that does bounds checking properly, but apparently not...

Or perhaps proper and complete TESTING before releasing.

catulitechup · Mar 7, 2023

I remember when M$ said TPM 2.0 for more security................and now

Solaris17 · Mar 7, 2023

Not bad for a decade of existing I guess. These API libraries after all have nothing to do with MS. :rolleyes:

Looks like this might get to be fixed with software though, which is nice. Better than TPM 1.2 hardware sec issue I guess.

A Computer Guy · Mar 7, 2023

TumbleGeorge said:
Oh, it's quite obvious that they are pushing us to buy motherboards and other devices with updated versions of hardware TPM chips. There are no random things, only greed.

It's a coincidence!

JAB Creations · Mar 7, 2023

Gee, Microsoft who is basically married to the criminal organization masquerading as a "government" pushing TPM 2.0 as a "requirement" for Windows 11 and the device is found to have vulnerabilities?!

sLowEnd · Mar 7, 2023

lexluthermiester said:
Gee golly darn, who saw THIS coming...

Or perhaps proper and complete TESTING before releasing.

lol who tests any software or hardware these days? The name of the game is to get a minimum viable product out and maybe patch it later but not really, go buy our new product instead

mechtech · Mar 7, 2023

Trusted Platform Mole.

qlum · Mar 7, 2023

The misunderstanding about TPM is that people think it's about protecting them.
It exists to protect the system against it's users. This could be Microsoft using it as a form of tamper protection, or it could be a corporation protecting it's laptops.
End of the day, it is not really meant to protect the user, nor will it ever be effective for that.

Wirko · Mar 7, 2023

The S in TPM stands for ... aaah-hemm.

A Computer Guy · Mar 7, 2023

Can't wait until TPM with 2FA becomes a thing. :laugh:

johnspack · Mar 8, 2023

This is why MS wants us to have TPM 2.0? For Win11? Okay. Hmmmm.....

AsRock · Mar 8, 2023

johnspack said:
This is why MS wants us to have TPM 2.0? For Win11? Okay. Hmmmm.....

No, MS want you to have it so there is a bigger chance of you needing a new PC. there be a few software fiixes that possibly break stuff then a newer TPM like 2.1 or 3.0 which requires a new OS ha.

lexluthermiester · Mar 8, 2023

AsRock said:
No, MS want you to have it so there is a bigger chance of you needing a new PC. there be a few software fiixes that possibly break stuff then a newer TPM like 2.1 or 3.0 which requires a new OS ha.

Regardless of what microsoft claims, there is no good reason for TPM in consumer level PC's. TPM does not help the average PC user in any way. It has the potential to cause serious problems.

So the requirement of TPM is absurd. The only motivation is selling PC's to keep the PC market from collapsing, which was a very real possibility and to some degree still is. The Covid Pandemic has had a number of disruptive effects. While I despise them doing this and how they did it, the reason can be understood, even if it is despicable. There are better ways to do motivate PC sales and upgrades. The boneheads at microsoft simply didn't use their brains for anything more that a seat cushion(looking at you microsoft board of directors).

LabRat 891 · Mar 8, 2023

This is just perfect for a Microsoft Sam 'ROFLcopter'

Literally, things were more secure when there was no security in-built and whoever deployed the kit, actually had to know what they were doing...

hat · Mar 8, 2023

"if someone has gained user access" so yet another weird exploit that can screw you when you're already screwed. It's like saying a thief who has stolen your car may be able to start your engine.

P4-630 · Mar 8, 2023

So physical local access is needed?

LabRat 891 · Mar 8, 2023

P4-630 said:
So physical local access is needed?

At least from the terms used, no. "User Access" could include a compromised account profile or phished/social engineered credentials.
I still tend to agree w/ hat. If you're already pwned, there's not much stopping full access. However, I could see these kinds of security exploits used to somehow 'get around' User-permissions limitations.

Basically, IMO as a pedestrian home user/enthusiast: This is of little concern.
However, for companies that spent $$$$$$+ on 'highly secure, new msft-approved equipment' might:
A. have something to worry about
B. be miffed as all hell.

VolutedJoker · Mar 8, 2023

No lie, I literally updated to TPM 2.0 last night just to get the free upgrade to Windows 11. SMH

A Computer Guy · Mar 8, 2023

What about AMD CPU based TPM? No problems there or is that an entirely different beast?

LabRat 891 · Mar 8, 2023

A Computer Guy said:
What about AMD CPU based TPM? No problems there or is that an entirely different beast?

According to the article, it's the whole library/spec.

lexluthermiester · Mar 8, 2023

P4-630 said:
So physical local access is needed?

Maybe.

VolutedJoker said:
No lie, I literally updated to TPM 2.0 last night just to get the free upgrade to Windows 11. SMH

You should have just used a bypass and used 11 anyway. The requirements are just microsoft BS anyway.

System Name	Overlord Mk MLI
Processor	AMD Ryzen 7 7800X3D
Motherboard	Gigabyte X670E Aorus Master
Cooling	Noctua NH-D15 SE with offsets
Memory	32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s)	Gainward GeForce RTX 4080 Phantom GS
Storage	1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s)	Acer XV272K LVbmiipruzx 4K@160Hz
Case	Fractal Design Torrent Compact
Audio Device(s)	Corsair Virtuoso SE
Power Supply	be quiet! Pure Power 12 M 850 W
Mouse	Logitech G502 Lightspeed
Keyboard	Corsair K70 Max
Software	Windows 10 Pro
Benchmark Scores	https://valid.x86.fr/yfsd9w

System Name	Firelance.
Processor	Threadripper 3960X
Motherboard	ROG Strix TRX40-E Gaming
Cooling	IceGem 360 + 6x Arctic Cooling P12
Memory	8x 16GB Patriot Viper DDR4-3200 CL16
Video Card(s)	MSI GeForce RTX 4060 Ti Ventus 2X OC
Storage	2TB WD SN850X (boot), 4TB Crucial P3 (data)
Display(s)	Dell S3221QS(A) (32" 38x21 60Hz) + 2x AOC Q32E2N (32" 25x14 75Hz)
Case	Enthoo Pro II Server Edition (Closed Panel) + 6 fans
Power Supply	Fractal Design Ion+ 2 Platinum 760W
Mouse	Logitech G604
Keyboard	Razer Pro Type Ultra
Software	Windows 10 Professional x64

System Name	Ghetto Rigs z490\|x99\|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor	10900k w/Optimus Foundation \| 5930k w/Black Noctua D15
Motherboard	z490 Maximus XII Apex \| x99 Sabertooth
Cooling	oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block \| Blk D15
Memory	Trident-Z Royal 4000c16 2x16gb \| Trident-Z 3200c14 4x8gb
Video Card(s)	Titan Xp-water \| evga 980ti gaming-w/ air
Storage	970evo+500gb & sn850x 4tb \| 860 pro 256gb \| Acer m.2 1tb/ sn850x 4tb\| Many2.5" sata's ssd 3.5hdd's
Display(s)	1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case	D450 \| Cherry Entertainment center on Test bench
Audio Device(s)	Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply	EVGA 1000P2 with APC AX1500 \| 850P2 with CyberPower-GX1325U
Mouse	Redragon 901 Perdition x3
Keyboard	G710+x3
Software	Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores	Are in the benchmark section

Processor	AMD Ryzen 5 4600G @4300mhz
Motherboard	MSI B550-Pro VC
Cooling	Scythe Mugen 5 Black Edition
Memory	16GB DDR4 4133Mhz Dual Channel
Video Card(s)	IGP AMD Vega 7 Renoir @2300mhz (8GB Shared memory)
Storage	256GB NVMe PCI-E 3.0 - 6TB HDD - 4TB HDD
Display(s)	Samsung SyncMaster T22B350
Software	Xubuntu 24.04 LTS x64 + Windows 10 x64

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on chitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

New Vulnerabilities Found in TPM 2.0 Library That Could be a Potential Threat to Billions of Devices

TheLostSwede

News Editor

Assimilator

TumbleGeorge

ThrashZone

lexluthermiester

catulitechup

Solaris17

Super Dainty Moderator

A Computer Guy

JAB Creations

sLowEnd

mechtech

qlum

Wirko

A Computer Guy

johnspack

Here For Good!

AsRock

TPU addict

lexluthermiester

LabRat 891

hat

Enthusiast

P4-630

LabRat 891

VolutedJoker

A Computer Guy

LabRat 891

lexluthermiester

System Name	Still not a thread ripper but pretty good.
Processor	Ryzen 9 7950x, Thermal Grizzly AM5 Offset Mounting Kit, Thermal Grizzly Extreme Paste
Motherboard	ASRock B650 LiveMixer (BIOS/UEFI version P3.08, AGESA 1.2.0.2)
Cooling	EK-Quantum Velocity, EK-Quantum Reflection PC-O11, D5 PWM, EK-CoolStream PE 360, XSPC TX360
Memory	Micron DDR5-5600 ECC Unbuffered Memory (2 sticks, 64GB, MTC20C2085S1EC56BD1) + JONSBO NF-1
Video Card(s)	XFX Radeon RX 5700 & EK-Quantum Vector Radeon RX 5700 +XT & Backplate
Storage	Samsung 4TB 980 PRO, 2 x Optane 905p 1.5TB (striped), AMD Radeon RAMDisk
Display(s)	2 x 4K LG 27UL600-W (and HUANUO Dual Monitor Mount)
Case	Lian Li PC-O11 Dynamic Black (original model)
Audio Device(s)	Corsair Commander Pro for Fans, RGB, & Temp Sensors (x4)
Power Supply	Corsair RM750x
Mouse	Logitech M575
Keyboard	Corsair Strafe RGB MK.2
Software	Windows 10 Professional (64bit)
Benchmark Scores	RIP Ryzen 9 5950x, ASRock X570 Taichi (v1.06), 128GB Micron DDR4-3200 ECC UDIMM (18ASF4G72AZ-3G2F1)

Processor	AMD Ryzen 3800X / AMD 8350
Motherboard	ASRock X570 Phantom Gaming X / Gigabyte 990FXA-UD5 Revision 3.0
Cooling	Stock / Corsair H100
Memory	32GB / 24GB
Video Card(s)	Sapphire RX 6800 / AMD Radeon 290X (Toggling until 6950XT)
Storage	C:\ 1TB SSD, D:\ RAID-1 1TB SSD, 2x4TB-RAID-1
Display(s)	Samsung U32E850R
Case	be quiet! Dark Base Pro 900 Black rev. 2 / Fractal Design
Audio Device(s)	Creative Sound Blaster X-Fi
Power Supply	EVGA Supernova 1300G2 / EVGA Supernova 850G+
Mouse	Logitech M-U0007
Keyboard	Logitech G110 / Logitech G110

Processor	Ryzen 5700x
Motherboard	Gigabyte X570S Aero G R1.1 BiosF5g
Cooling	Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory	Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s)	AMD RX 6800 - Asus Tuf
Storage	Kingston KC3000 1TB & 2TB & 4TB Corsair MP600 Pro LPX
Display(s)	LG 27UL550-W (27" 4k)
Case	Be Quiet Pure Base 600 (no window)
Audio Device(s)	Realtek ALC1220-VB
Power Supply	SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse	Mionix Naos Pro
Keyboard	Corsair Strafe with browns
Software	W10 22H2 Pro x64

Processor	i5-6600K
Motherboard	Asus Z170A
Cooling	some cheap Cooler Master Hyper 103 or similar
Memory	16GB DDR4-2400
Video Card(s)	IGP
Storage	Samsung 850 EVO 250GB
Display(s)	2x Oldell 24" 1920x1200
Case	Bitfenix Nova white windowless non-mesh
Audio Device(s)	E-mu 1212m PCI
Power Supply	Seasonic G-360
Mouse	Logitech Marble trackball, never had a mouse
Keyboard	Key Tronic KT2000, no Win key because 1994
Software	Oldwin

System Name	System2 Blacknet , System1 Blacknet2
Processor	System2 Threadripper 1920x, System1 2699 v3
Motherboard	System2 Asrock Fatality x399 Professional Gaming, System1 Asus X99-A
Cooling	System2 Noctua NH-U14 TR4-SP3 Dual 140mm fans, System1 AIO
Memory	System2 64GBS DDR4 3000, System1 32gbs DDR4 2400
Video Card(s)	System2 GTX 980Ti System1 GTX 970
Storage	System2 4x SSDs + NVme= 2.250TB 2xStorage Drives=8TB System1 3x SSDs=2TB
Display(s)	1x27" 1440 display 1x 24" 1080 display
Case	System2 Some Nzxt case with soundproofing...
Audio Device(s)	Asus Xonar U7 MKII
Power Supply	System2 EVGA 750 Watt, System1 XFX XTR 750 Watt
Mouse	Logitech G900 Chaos Spectrum
Keyboard	Ducky
Software	Archlinux, Manjaro, Win11 Ent 24h2
Benchmark Scores	It's linux baby!

Processor	AMD 3900X \ AMD 7700X
Motherboard	ASRock AM4 X570 Pro 4 \ ASUS X670Xe TUF
Cooling	D15
Memory	Patriot 2x16GB PVS432G320C6K \ G.Skill Flare X5 F5-6000J3238F 2x16GB
Video Card(s)	eVga GTX1060 SSC \ XFX RX 6950XT RX-695XATBD9
Storage	Sammy 860, MX500, Sabrent Rocket 4 Sammy Evo 980 \ 1xSabrent Rocket 4+, Sammy 2x990 Pro
Display(s)	Samsung 1080P \ LG 43UN700
Case	Fractal Design Pop Air 2x140mm fans from Torrent \ Fractal Design Torrent 2 SilverStone FHP141x2
Audio Device(s)	Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 \Paradigm 7se MKII, Paradigm 5SE MK1 , Blue Yeti
Power Supply	Seasonic Prime TX-750 \ Corsair RM1000X Shift
Mouse	Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard	Logitech K120 \ Wooting Two HE
Benchmark Scores	Meh benchmarks.

System Name	Metalia
Processor	AMD Ryzen 7 5800X3D
Motherboard	Asus TuF Gaming X570-PLUS
Cooling	ID Cooling 280mm AIO w/ Arctic P14s
Memory	2x32GB DDR4-3600
Video Card(s)	Sapphire Pulse RX 9070 XT
Storage	Optane P5801X 400GB, Samsung 990Pro 2TB
Display(s)	LG ‎32GS95UV 32" OLED 240/480hz 4K/1080P Dual Mode
Case	Geometric Future M8 Dharma
Audio Device(s)	Xonar Essence STX
Power Supply	Seasonic Focus GX-1000 Gold
Mouse	Attack Shark R3 Magnesium - White
Keyboard	Keychron K8 Pro - White - Tactile Brown Switch
Software	Windows 10 IoT Enterprise LTSC 2021

System Name	Starlifter :: Dragonfly
Processor	i7 2600k 4.4GHz :: i5 10400
Motherboard	ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling	Cryorig M9 :: Stock
Memory	4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s)	PNY GTX1070 :: Integrated UHD 630
Storage	Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s)	Onn 165hz 1080p :: Acer 1080p
Case	Antec SOHO 1030B :: Old White Full Tower
Audio Device(s)	Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply	FSP Hydro GE 550w :: EVGA Supernova 550
Software	Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores	>9000

System Name	AlderLake
Processor	Intel i7 12700K P-Cores @ 5Ghz
Motherboard	Gigabyte Z690 Aorus Master
Cooling	Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory	32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s)	MSI RTX 2070 Super Gaming X Trio
Storage	Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s)	23.8" Dell S2417DG 165Hz G-Sync 1440p
Case	Be quiet! Silent Base 600 - Window
Audio Device(s)	Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply	Seasonic Focus Plus Gold 750W
Mouse	Logitech MX Anywhere 2 Laser wireless
Keyboard	RAPOO E9270P Black 5GHz wireless
Software	Windows 11
Benchmark Scores	Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock

Processor	AMD 5800X3D
Motherboard	Asus X570-E Strix
Cooling	NZXT X73 AIO
Memory	Trident Z 32GB
Video Card(s)	EVGA FTW 3080 12GB
Display(s)	LG 42" OLED
Case	Lian Li 011 Dynamic Evo
Power Supply	SeaSonic 850W
Software	Windows 11