An gano rashin lahani (CVE-2023-1017, CVE-2023-1018) a cikin lambar TPM 2.0 (Trusted Platform Module) aiwatar da tunani. Waɗannan raunin suna ba da damar karantawa ko rubuta bayanai daga kan iyaka. Hare-hare kan aiwatar da cryptoprocessor ta amfani da lambar mara ƙarfi na iya haifar da cirewa ko sake rubuta bayanan kan guntu, kamar maɓallan cryptographic. Ƙarfin sake rubuta bayanai a cikin firmware na TPM na iya amfani da maharin don aiwatar da lambar su a cikin mahallin TPM. Ana iya amfani da wannan, alal misali, don aiwatar da bayan gida da ke gudana akan TPM kuma tsarin aiki ba zai iya gano shi ba.
Abubuwan lahanin suna faruwa ne ta hanyar duba kuskuren girman ma'aunin aikin CryptParameterDecryption(), ba da damar rubuta bytes biyu ko karanta bayan ƙarshen buffer ɗin da aka wuce zuwa aikin ExecuteCommand(), wanda ya ƙunshi umarnin TPM2.0. Dangane da aiwatar da firmware, waɗannan bytes biyu da aka sake rubutawa na iya lalata ƙwaƙwalwar ajiyar da ba a yi amfani da su ba, bayanai, ko masu nuni.
Ana amfani da raunin ta hanyar aika umarni na musamman zuwa tsarin TPM (dole ne mai hari ya sami damar yin amfani da hanyar sadarwa ta TPM). An magance batutuwan a cikin sabunta ƙayyadaddun TPM 2.0 da aka fitar a cikin Janairu (1.59 Errata 1.4, 1.38 Errata 1.13, 1.16 Errata 1.6).
Laburaren libtpms mai buɗewa, wanda aka yi amfani da shi don kwaikwayar software na samfuran TPM da haɗa tallafin TPM cikin masu haɓakawa, shima yana da rauni. An daidaita raunin a cikin libtpms 0.9.6.
source: budenet.ru
