来源: The Hacker News
原英文标题: <New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices>
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation.
One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the issues in November 2022 is cybersecurity company Quarkslab.
"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group (TCG) said in an advisory.
Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab noted, adding they "could affect billions of devices."
TPM is a hardware-based solution (i.e., a crypto-processor) that's designed to provide secure cryptographic functions and physical security mechanisms to resist tampering efforts.
"The most common TPM functions are used for system integrity measurements and for key creation and use," Microsoft says in its documentation. "During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM."
"The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system."
The TCG consortium noted that the shortcomings are the result of a lack of necessary length checks, resulting in buffer overflows that could pave the way for local information disclosure or escalation of privileges.
Users are recommended to apply the updates released by TCG as well as other vendors to address the flaws and mitigate supply chain risks.
"Users in high-assurance computing environments should consider using TPM Remote Attestation to detect any changes to devices and ensure their TPM is tamper proofed," the CERT Coordination Center (CERT/CC) said in an alert.
可信平台模块(TPM)2.0参考库规范中披露了一对严重的安全缺陷,有可能导致信息泄露或权限升级。
其中一个漏洞,CVE-2023-1017,涉及越界写入,而另一个,CVE-2023-1018,被描述为越界读取。在2022年11月发现并报告这些问题的是网络安全公司Quarkslab。
"可信计算小组(TCG)在一份公告中说:"这些漏洞可以通过向TPM 2.0发送恶意命令从用户模式的应用程序中触发,而TPM 2.0的固件是基于受影响的TCG参考实现。
Quarkslab指出,大型技术供应商、使用企业计算机的组织、服务器、物联网设备和包含TPM的嵌入式系统都可能受到这些缺陷的影响,并补充说它们 "可能影响数十亿台设备"。
TPM是一个基于硬件的解决方案(即一个密码处理器),旨在提供安全的加密功能和物理安全机制,以抵制篡改行为。
"最常见的TPM功能用于系统完整性测量以及密钥的创建和使用,"微软在其文档中说。"在系统的启动过程中,加载的启动代码(包括固件和操作系统组件)可以被测量并记录在TPM中。"
"完整性测量可以作为系统如何启动的证据,并确保基于TPM的密钥只有在使用正确的软件启动系统时才被使用。"
TCG联盟指出,这些缺陷是缺乏必要的长度检查的结果,导致缓冲区溢出,可能为本地信息泄露或权限升级铺平道路。
建议用户应用TCG以及其他供应商发布的更新,以解决这些缺陷并减轻供应链的风险。
"CERT协调中心(CERT/CC)在一份警报中说:"高安全性计算环境中的用户应该考虑使用TPM远程验证来检测设备的任何变化,并确保他们的TPM是防篡改的。 |
310112100042806
发表于 2023-3-10 19:38
