CVE-2023-1018 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
certcc	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Vendor	Product	Version
trustedcomputinggroup	trusted_platform_module	2.0:revision_1.16
trustedcomputinggroup	trusted_platform_module	2.0:revision_1.38
trustedcomputinggroup	trusted_platform_module	2.0:revision_1.59
microsoft	windows_10_1507	𝑥 < 10.0.10240.19805
microsoft	windows_10_1607	𝑥 < 10.0.14393.5786
microsoft	windows_10_1809	𝑥 < 10.0.17763.4131
microsoft	windows_10_20h2	𝑥 < 10.0.19042.2728
microsoft	windows_10_21h2	𝑥 < 10.0.19044.2728
microsoft	windows_10_22h2	𝑥 < 10.0.19045.2728
microsoft	windows_11_21h2	𝑥 < 10.0.22000.1696
microsoft	windows_11_22h2	𝑥 < 10.0.22621.1413
microsoft	windows_server_2016	𝑥 < 10.0.14393.5786
microsoft	windows_server_2019	𝑥 < 10.0.17763.4131
microsoft	windows_server_2022	𝑥 < 10.0.20348.1607

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libtpms

bookworm (security)	vulnerable
trixie	0.9.2-3.1 fixed
bookworm	0.9.2-3.1 fixed
sid	0.9.2-3.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libtpms

kinetic	Fixed 0.9.3-0ubuntu1.22.10.1 released
jammy	Fixed 0.9.3-0ubuntu1.22.04.1 released
focal	dne
bionic	dne
xenial	ignored
trusty	ignored

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://kb.cert.org/vuls/id/782720

https://trustedcomputinggroup.org/about/security/

https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf

https://kb.cert.org/vuls/id/782720

https://trustedcomputinggroup.org/about/security/

https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf