Security Defects in TPM 2.0 Spec Raise Alarm
The vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, provide pathways for an authenticated, local attacker to overwrite protected data in the TPM firmware and launch code execution attacks, according to an advisory from Carnegie Mellon’s CERT coordination center. From the CERT alert: “An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing…