suse · CVE-2023-1018

Quick triage

Priority: medium Published: 2023-03-09 00:15:25 UTC Updated: 2026-03-05 03:58:41 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-1018 severity moderate: SUSE including 133 source package names (0.58.0.20.141:libtpms0-0.8.2-150300.3.9.1, hivex-1.3.18-23.module+el8.8.0+16781+9f4724c2, …), 165 product×package rows across 29 product lines (Container suse/sles/15.5/virt-launcher, SUSE Enterprise Storage 7.1, … (29 product lines)): Fixed 165.

Description:

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

cvelogic Threat Intelligence