CVE-2020-12926

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

CVSS v3 6.4 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.amd.com/en/corporate/product-security	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:amd:trusted_platform_modules_reference:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-12 20:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-12926

Mitre link : CVE-2020-12926

CVE.ORG link : CVE-2020-12926

JSON object : View

Products Affected

amd

trusted_platform_modules_reference

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2020-12926", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2020-11-12T20:15:15.283", "references": [{"url": "https://www.amd.com/en/corporate/product-security", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device."}, {"lang": "es", "value": "Es posible que el software de referencia Trusted Platform Modules (TPM) no rastree correctamente la cantidad de veces que ocurre un apagado fallido. Esto puede dejar al TPM en un estado en el que el material de la clave confidencial del TPM puede verse comprometido. AMD cree que el ataque requiere acceso f\u00edsico al dispositivo porque la energ\u00eda debe encenderse y apagarse repetidamente. Este ataque potencial puede ser usado para cambiar informaci\u00f3n confidencial, alterar los ejecutables firmados por material de clave en el TPM o crear una denegaci\u00f3n de servicio del dispositivo"}], "lastModified": "2020-11-30T17:05:13.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:trusted_platform_modules_reference:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAFE26DC-F3B5-4236-886D-98CD784A8197"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}