CVE-2018-6622
Last modified
CVE-2018-6622 is a vulnerability of currently unknown severity. An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trustedcomputinggroup | Trusted Platform Module | 2.0 |
References
- http://www.securityfocus.com/bid/105203Third Party Advisory, VDB Entry
- https://www.usenix.org/conference/usenixsecurity18/presentation/hanThird Party Advisory
- http://www.securityfocus.com/bid/105203Third Party Advisory, VDB Entry
- https://www.usenix.org/conference/usenixsecurity18/presentation/hanThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-6622?
How severe is CVE-2018-6622?
How do I fix CVE-2018-6622?
Are you affected by CVE-2018-6622?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST