Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12926

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

Published

2020-11-12T20:15:15.283

Last Modified

2024-11-21T05:00:32.930

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-367
Type: Primary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amd	trusted_platform_modules_reference	-	Yes

References

https://www.amd.com/en/corporate/product-security Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)