Vulnerabilities > CVE-2018-6622 - Unspecified vulnerability in Trustedcomputinggroup Trusted Platform Module 2.0

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

trustedcomputinggroup

NVD

Published: 2018-08-17

Updated: 2019-10-03

Summary

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.

Vulnerable Configurations

Part	Description	Count
Application	Trustedcomputinggroup Trustedcomputinggroup Trusted Platform Module 2.0	1

References

https://www.usenix.org/conference/usenixsecurity18/presentation/han
http://www.securityfocus.com/bid/105203