New Vulnerabilities in TPM 2.0 May Affect IoT and Enterprise Devices

Researchers at Quarkslab unveiled two bugs in the Trusted Platform Module (TPM) 2.0 reference library specification. The attacks could potentially lead to information disclosure or privilege escalation. The first bug, CVE-2023-1017, concerns an out-of-bounds write while the other bug, CVE-2023-1018, is an out-of-bounds read issue. Billions of internet-connected devices across different organizations are vulnerable to the threat.