github - ghsa-3fxc-2crv-fg9x

ghsa-3fxc-2crv-fg9x

Vulnerability from github

Published

2025-06-10 18:32

Modified

2025-06-13 18:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata 1.83 of TCG standard TPM2.0

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-2884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T18:15:30Z",
    "severity": "CRITICAL"
  },
  "details": "TCG TPM2.0 Reference implementation\u0027s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key\u0027s algorithm. See Errata 1.83 of TCG standard TPM2.0",
  "id": "GHSA-3fxc-2crv-fg9x",
  "modified": "2025-06-13T18:30:34Z",
  "published": "2025-06-10T18:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1"
    },
    {
      "type": "WEB",
      "url": "https://trustedcomputinggroup.org/about/security"
    },
    {
      "type": "WEB",
      "url": "https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf"
    },
    {
      "type": "WEB",
      "url": "https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49133"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/282450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-2884 (GCVE-0-2025-2884)

Vulnerability from cvelistv5

Published

2025-06-10 17:29

Modified

2025-06-13 18:22

Severity ?

CWE

CWE-125 Out-of-bounds Read

Summary

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

References

URL

Tags

	https://trustedcomputinggroup.org/about/security/
	https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
	https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
	https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
	https://www.cve.org/CVERecord?id=CVE-2025-49133

Impacted products

	Vendor	Product	Version
	Trusted Computing Group	TPM2.0	Version: 0 < 1.83

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-10T19:02:29.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/282450"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-2884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T01:41:10.489446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T01:46:13.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TPM2.0",
          "vendor": "Trusted Computing Group",
          "versions": [
            {
              "lessThan": "1.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TCG TPM2.0 Reference implementation\u0027s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key\u0027s algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "id": "CVE-2025-2884",
              "selections": [
                {
                  "name": "Exploitation",
                  "namespace": "ssvc",
                  "values": [
                    "none"
                  ],
                  "version": "1.0.0"
                },
                {
                  "name": "Automatable",
                  "namespace": "ssvc",
                  "values": [
                    "no"
                  ],
                  "version": "2.0.0"
                },
                {
                  "name": "Technical Impact",
                  "namespace": "ssvc",
                  "values": [
                    "partial"
                  ],
                  "version": "1.0.0"
                },
                {
                  "name": "Mission \u0026 Well-being",
                  "namespace": "ssvc",
                  "values": [
                    "medium"
                  ],
                  "version": "1.0.0"
                }
              ],
              "timestamp": "2025-06-13T17:22:30.584Z"
            },
            "type": "ssvcV1_0_1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T18:22:21.856Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://trustedcomputinggroup.org/about/security/"
        },
        {
          "name": "TPM2.0 Errata",
          "url": "https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf"
        },
        {
          "name": "Vendor Advisory",
          "url": "https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf"
        },
        {
          "name": "Vendor Patch",
          "url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1"
        },
        {
          "name": "Related CVE",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49133"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation",
      "x_generator": {
        "engine": "VINCE 3.0.20",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-2884"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-2884",
    "datePublished": "2025-06-10T17:29:19.463Z",
    "dateReserved": "2025-03-27T21:01:41.908Z",
    "dateUpdated": "2025-06-13T18:22:21.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.