Vulnerability Details CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://tpm.fail
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024
- https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us
- https://support.lenovo.com/us/en/product_security/LEN-29406
- https://www.st.com/content/st_com/en/campaigns/tpm-update.html
- http://tpm.fail
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024
- https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us
- https://support.lenovo.com/us/en/product_security/LEN-29406
- https://www.st.com/content/st_com/en/campaigns/tpm-update.html
Products affected by CVE-2019-16863
-
cpe:2.3:h:st:st33tphf20i2c:-
-
cpe:2.3:h:st:st33tphf20spi:-
-
cpe:2.3:h:st:st33tphf2ei2c:-
-
cpe:2.3:h:st:st33tphf2espi:-
-
cpe:2.3:o:st:st33tphf20i2c_firmware:74.5
-
cpe:2.3:o:st:st33tphf20i2c_firmware:74.9
-
cpe:2.3:o:st:st33tphf20spi_firmware:74.0
-
cpe:2.3:o:st:st33tphf20spi_firmware:74.16
-
cpe:2.3:o:st:st33tphf20spi_firmware:74.4
-
cpe:2.3:o:st:st33tphf20spi_firmware:74.8
-
cpe:2.3:o:st:st33tphf2ei2c_firmware:73.5
-
cpe:2.3:o:st:st33tphf2ei2c_firmware:73.9
-
cpe:2.3:o:st:st33tphf2espi_firmware:71.0
-
cpe:2.3:o:st:st33tphf2espi_firmware:71.12
-
cpe:2.3:o:st:st33tphf2espi_firmware:71.4
-
cpe:2.3:o:st:st33tphf2espi_firmware:73.0
-
cpe:2.3:o:st:st33tphf2espi_firmware:73.4
-
cpe:2.3:o:st:st33tphf2espi_firmware:73.8