CVE-2018-6622
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
Se descubrió un problema que afecta a todos los fabricantes de firmware de BIOS que realizan una cierta interpretación realista de una porción ofuscada de la especificación Trusted Platform Module (TPM) de Trusted Computing Group (TCG). Un caso anormal no es manejado correctamente por este firmware mientras S3 está en reposo y puede borrar TPM 2.0. Permite a los usuarios locales sobrescribir PCRs estáticos de TPM y neutralizar las características de seguridad de los mismos, como el sellado/desellado y la certificación remota.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-04 CVE Reserved
- 2018-08-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105203 | Third Party Advisory | |
https://www.usenix.org/conference/usenixsecurity18/presentation/han | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trustedcomputinggroup Search vendor "Trustedcomputinggroup" | Trusted Platform Module Search vendor "Trustedcomputinggroup" for product "Trusted Platform Module" | 2.0 Search vendor "Trustedcomputinggroup" for product "Trusted Platform Module" and version "2.0" | - |
Affected
|