Skip to content

The Trusted Platform Modules (TPM) reference software may...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

References

Published by the National Vulnerability Database Nov 12, 2020
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 29, 2023

Severity

Moderate

EPSS score

0.070%
(32nd percentile)

Weaknesses

CVE ID

CVE-2020-12926

GHSA ID

GHSA-898h-342v-mpjx

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.