First published: Fri Aug 17 2018(Updated: )
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Trustedcomputinggroup Trusted Platform Module | =2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2018-6622.
The severity of CVE-2018-6622 is high with a score of 7.1.
The Trusted Computing Group Trusted Platform Module (TPM) version 2.0 is affected by CVE-2018-6622.
This firmware vulnerability can cause issues during the S3 sleep state in BIOS firmware that makes a certain realistic interpretation of an obscure portion of the TCG TPM 2.0 specification.
More information about CVE-2018-6622 can be found at the following references: [securityfocus.com](http://www.securityfocus.com/bid/105203) and [usenix.org](https://www.usenix.org/conference/usenixsecurity18/presentation/han).