Intel PTT and SPS Firmware Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

Vulnerability

An out-of-bounds read vulnerability has been identified in the CryptHmacSign function of the TCG TPM 2.0 reference implementation, specifically in Version 1.83. The function does not properly validate the signature scheme against the algorithm of the signature key, which allows an authenticated local user to trigger the read by sending maliciously crafted commands. Exploitation could lead to unauthorized access to sensitive data or cause a denial-of-service condition on the TPM.
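
The missing check described above, as an added example that is not code from the TCG reference implementation or from Intel firmware: a simplified C model in which every identifier (sign_key, sig_scheme, validate_hmac_sign, unchecked_overread) is hypothetical. It assumes a signer that derives a read length from the caller-supplied scheme, and shows the consistency gate that rejects a scheme not matching the key before any such length is used.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model; all identifiers are hypothetical, not TCG reference code. */
enum alg { ALG_NULL, ALG_HMAC, ALG_RSASSA, ALG_SHA256, ALG_SHA384, ALG_SHA512 };

struct sign_key {            /* key object loaded in the modelled TPM */
    enum alg type;           /* algorithm the key was created for */
    enum alg hash;           /* hash bound to the key at creation */
    uint8_t  state[32];      /* buffer sized for the key's own hash (SHA-256 here) */
};

struct sig_scheme {          /* scheme supplied in the caller's command */
    enum alg scheme;
    enum alg hash;
};

/* Digest length in bytes; 0 means "not a supported hash". */
static size_t digest_size(enum alg h)
{
    switch (h) {
    case ALG_SHA256: return 32;
    case ALG_SHA384: return 48;
    case ALG_SHA512: return 64;
    default:         return 0;
    }
}

/* Bytes an unchecked signer would read past key->state if it trusted
 * the caller's scheme for the length instead of the key's algorithm. */
size_t unchecked_overread(const struct sign_key *key, const struct sig_scheme *req)
{
    size_t want = digest_size(req->hash);
    return want > sizeof key->state ? want - sizeof key->state : 0;
}

/* Hardened gate: 0 if the request is consistent with the key, -1 to reject.
 * Must run before any length is derived from the caller's scheme. */
int validate_hmac_sign(const struct sign_key *key, const struct sig_scheme *req)
{
    if (key == NULL || req == NULL)                 return -1;
    if (key->type != ALG_HMAC)                      return -1; /* wrong key kind */
    if (req->scheme != ALG_HMAC)                    return -1; /* scheme/key mismatch */
    if (digest_size(req->hash) == 0)                return -1; /* unknown hash */
    if (req->hash != key->hash)                     return -1; /* hash not bound to key */
    if (digest_size(req->hash) > sizeof key->state) return -1; /* defence in depth */
    return 0;
}
```
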

Impact

Exploitation of this vulnerability can result in a denial-of-service condition on the TPM, causing it to become unresponsive or unavailable for cryptographic functions. Additionally, the out-of-bounds read could potentially allow for unauthorized access to sensitive data stored in the TPM, depending on the specific implementation.

Remediation

Users are advised to update to the latest version of Intel PTT or Intel SPS firmware provided by their system manufacturer that addresses this vulnerability. TPM 2.0 vendors should also use the latest specifications and reference implementations to ensure vulnerabilities are resolved.

Added: Jun 10, 2025, 6:52 PM
Updated: Jun 10, 2025, 7:36 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.