CVE Vulnerabilities

CVE-2020-12926

Time-of-check Time-of-use (TOCTOU) Race Condition

Published: Nov 12, 2020 | Modified: Nov 30, 2020
CVSS 3.x
6.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

Affected Software

Name Vendor Start Version End Version
Trusted_platform_modules_reference Amd - (including) - (including)

Potential Mitigations

References