CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
https://trustedcomputinggroup.org/about/security/
https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
https://www.cve.org/CVERecord?id=CVE-2025-49133
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
https://www.kb.cert.org/vuls/id/282450

Configurations

No configuration.

History

13 Jun 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 18:15

Updated : 2025-06-13 18:15

NVD link : CVE-2025-2884

Mitre link : CVE-2025-2884

CVE.ORG link : CVE-2025-2884

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-2884", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.3}]}, "published": "2025-06-10T18:15:30.617", "references": [{"url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1", "source": "cret@cert.org"}, {"url": "https://trustedcomputinggroup.org/about/security/", "source": "cret@cert.org"}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf", "source": "cret@cert.org"}, {"url": "https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf", "source": "cret@cert.org"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-49133", "source": "cret@cert.org"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/282450", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0"}, {"lang": "es", "value": "La funci\u00f3n auxiliar CryptHmacSign de la implementaci\u00f3n de referencia TCG TPM2.0 es vulnerable a lecturas fuera de los l\u00edmites debido a la falta de validaci\u00f3n del esquema de firma con el algoritmo de la clave de firma. Consulte la errata 1.83 del est\u00e1ndar TCG TPM2.0."}], "lastModified": "2025-06-13T18:15:21.710", "sourceIdentifier": "cret@cert.org"}