suse · CVE-2023-1017

Quick triage

Priority: high
Published: 2023-03-09 00:15:25 UTC
Updated: 2026-03-05 03:58:42 UTC


Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-1017, severity important. SUSE lists 11 source package names (0.58.0.20.141:libtpms0-0.8.2-150300.3.9.1, libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2, …) and 43 product×package rows across 28 product lines (Container suse/sles/15.5/virt-launcher, SUSE Enterprise Storage 7.1, … (28 product lines)). Status: Fixed 43.

Description:

An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

cvelogic Threat Intelligence