CVE-2020-12926
Last modified
CVE-2020-12926 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.
Metrics
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amd | Trusted Platform Modules Reference | All versions |
References
- https://www.amd.com/en/corporate/product-securityVendor Advisory
- https://www.amd.com/en/corporate/product-securityVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12926?
How severe is CVE-2020-12926?
How do I fix CVE-2020-12926?
Are you affected by CVE-2020-12926?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST