Vulnerabilities > CVE-2019-16863 - Information Exposure Through Discrepancy vulnerability in ST products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

CWE-203

NVD

Published: 2019-11-14

Updated: 2023-11-07

Summary

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

Vulnerable Configurations

Part	Description	Count
OS	St ST St33Tphf2Espi Firmware 71.0 ST St33Tphf2Espi Firmware 71.4 ST St33Tphf2Espi Firmware 71.12 ST St33Tphf2Espi Firmware 73.0 ST St33Tphf2Espi Firmware 73.4 ST St33Tphf2Espi Firmware 73.8 ST St33Tphf2Ei2C Firmware 73.5 ST St33Tphf2Ei2C Firmware 73.9 ST St33Tphf20Spi Firmware 74.0 ST St33Tphf20Spi Firmware 74.4 ST St33Tphf20Spi Firmware 74.8 ST St33Tphf20Spi Firmware 74.16 ST St33Tphf20I2C Firmware 74.5 ST St33Tphf20I2C Firmware 74.9	14
Hardware	St ST St33Tphf2Espi - ST St33Tphf2Ei2C - ST St33Tphf20Spi - ST St33Tphf20I2C -	4

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

The Hacker News

id	THN:BAA74F37E5ED293596C20A2281BF1267
last seen	2019-11-13
modified	2019-11-13
published	2019-11-13
reporter	The Hacker News
source	https://thehackernews.com/2019/11/tpm-encryption-keys-hacking.html
title	Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

The Hacker News

References