CVE-2023-1017: CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Mar

Released

2023-03-14

EPSS Score

1.11% (percentile: 78.1%)

FAQ

How could an attacker exploit this vulnerability? By leveraging malicious TPM commands from a guest VM to a target running Hyper-V, an attacker can cause an out of bounds write in the root partition. Why is the CERT/CC the assigning CNA (CVE Numbering Authority)? This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.

Affected Products (13)

Windows

• Windows 10 Version 1809 for x64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 11 version 21H2 for x64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 for x64-based Systems
• Windows 10 Version 1607 for x64-based Systems
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

Security Updates (7)

• 5023702
• 5023705
• 5023698
• 5023696
• 5023706
• 5023713
• 5023697

Acknowledgments

Francisco Falcon, Quarkslab

Revision History

• 2023-03-14: Information published.