CVE-2025-2884 (GCVE-0-2025-2884)
Vulnerability from cvelistv5
Published
2025-06-10 17:29
Modified
2025-06-13 18:22
Severity ?
CWE
Summary
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
References
Impacted products
Vendor Product Version
Trusted Computing Group TPM2.0 Version: 0   < 1.83
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-10T19:02:29.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/282450"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-2884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T01:41:10.489446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T01:46:13.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TPM2.0",
          "vendor": "Trusted Computing Group",
          "versions": [
            {
              "lessThan": "1.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TCG TPM2.0 Reference implementation\u0027s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key\u0027s algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "id": "CVE-2025-2884",
              "selections": [
                {
                  "name": "Exploitation",
                  "namespace": "ssvc",
                  "values": [
                    "none"
                  ],
                  "version": "1.0.0"
                },
                {
                  "name": "Automatable",
                  "namespace": "ssvc",
                  "values": [
                    "no"
                  ],
                  "version": "2.0.0"
                },
                {
                  "name": "Technical Impact",
                  "namespace": "ssvc",
                  "values": [
                    "partial"
                  ],
                  "version": "1.0.0"
                },
                {
                  "name": "Mission \u0026 Well-being",
                  "namespace": "ssvc",
                  "values": [
                    "medium"
                  ],
                  "version": "1.0.0"
                }
              ],
              "timestamp": "2025-06-13T17:22:30.584Z"
            },
            "type": "ssvcV1_0_1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T18:22:21.856Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://trustedcomputinggroup.org/about/security/"
        },
        {
          "name": "TPM2.0 Errata",
          "url": "https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf"
        },
        {
          "name": "Vendor Advisory",
          "url": "https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf"
        },
        {
          "name": "Vendor Patch",
          "url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1"
        },
        {
          "name": "Related CVE",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49133"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation",
      "x_generator": {
        "engine": "VINCE 3.0.20",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-2884"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-2884",
    "datePublished": "2025-06-10T17:29:19.463Z",
    "dateReserved": "2025-03-27T21:01:41.908Z",
    "dateUpdated": "2025-06-13T18:22:21.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2884\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2025-06-10T18:15:30.617\",\"lastModified\":\"2025-06-13T18:15:21.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TCG TPM2.0 Reference implementation\u0027s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key\u0027s algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n auxiliar CryptHmacSign de la implementaci\u00f3n de referencia TCG TPM2.0 es vulnerable a lecturas fuera de los l\u00edmites debido a la falta de validaci\u00f3n del esquema de firma con el algoritmo de la clave de firma. Consulte la errata 1.83 del est\u00e1ndar TCG TPM2.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1\",\"source\":\"cret@cert.org\"},{\"url\":\"https://trustedcomputinggroup.org/about/security/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2025-49133\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/282450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/282450\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-06-10T19:02:29.811Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2884\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-13T01:41:10.489446Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-11T15:04:54.186Z\"}}], \"cna\": {\"title\": \"Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation\", \"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"other\": {\"type\": \"ssvcV1_0_1\", \"content\": {\"id\": \"CVE-2025-2884\", \"timestamp\": \"2025-06-13T17:22:30.584Z\", \"selections\": [{\"name\": \"Exploitation\", \"values\": [\"none\"], \"version\": \"1.0.0\", \"namespace\": \"ssvc\"}, {\"name\": \"Automatable\", \"values\": [\"no\"], \"version\": \"2.0.0\", \"namespace\": \"ssvc\"}, {\"name\": \"Technical Impact\", \"values\": [\"partial\"], \"version\": \"1.0.0\", \"namespace\": \"ssvc\"}, {\"name\": \"Mission \u0026 Well-being\", \"values\": [\"medium\"], \"version\": \"1.0.0\", \"namespace\": \"ssvc\"}]}}}], \"affected\": [{\"vendor\": \"Trusted Computing Group\", \"product\": \"TPM2.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.83\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://trustedcomputinggroup.org/about/security/\"}, {\"url\": \"https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf\", \"name\": \"TPM2.0 Errata\"}, {\"url\": \"https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf\", \"name\": \"Vendor Advisory\"}, {\"url\": \"https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1\", \"name\": \"Vendor Patch\"}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2025-49133\", \"name\": \"Related CVE\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 3.0.20\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2025-2884\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"TCG TPM2.0 Reference implementation\u0027s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key\u0027s algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2025-06-13T18:22:21.856Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2884\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-13T18:22:21.856Z\", \"dateReserved\": \"2025-03-27T21:01:41.908Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2025-06-10T17:29:19.463Z\", \"assignerShortName\": \"certcc\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.