CVE-2018-6622
Summary
| CVE | CVE-2018-6622 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-17 18:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trustedcomputinggroup | Trusted Platform Module | 2.0 | All | All | All |
| Application | Trustedcomputinggroup | Trusted Platform Module | 2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Trusted Platform Module (TPM) CVE-2018-6622 Local Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping | USENIX | MISC | www.usenix.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.