View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-1018 severity moderate: SUSE including 133 source package names (0.58.0.20.141:libtpms0-0.8.2-150300.3.9.1, hivex-1.3.18-23.module+el8.8.0+16781+9f4724c2, …), 165 product×package rows across 29 product lines (Container suse/sles/15.5/virt-launcher, SUSE Enterprise Storage 7.1, … (29 product lines)): Fixed 165.
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.