Description
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.amd.com/en/corporate/product-security
Scores
CVSS v3
6.4
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-367
Status
published
Products (1)
amd/trusted_platform_modules_reference
Published
Nov 12, 2020
Tracked Since
Feb 18, 2026