CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2019-16863
https://notcve.org/view.php?id=CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. Los dispositivos STMicroelectronics ST33TPHF2ESPI TPM antes del 12-09-2019, permiten a atacantes extraer la clave privada ECDSA por medio de un ataque de sincronización de canal lateral porque la multiplicación escalar de ECDSA es manejada inapropiadamente, también se conoce como TPM-FAIL. • http://tpm.fail https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024 https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us https://support.lenovo.com/us/en/product_security/LEN-29406 https://www.st.com/content/st_com/en/campaigns/tpm-update.html • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •