CVE-2020-26933

HIGH

TCG Trusted Platform Module Library Family 2.0 - Info Disclosure

Title source: llm

Description

Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.

References (2)

[Vendor Advisory] https://trustedcomputinggroup.org/about/security/

[Vendor Advisory] https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf

Scores

CVSS v3 7.2

EPSS 0.0005

EPSS Percentile 15.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Details

CWE

CWE-665

Status published

Products (1)

trustedcomputinggroup/trusted_platform_module 2.0 revision_1.38 (3 CPE variants)

Published Nov 18, 2020

Tracked Since Feb 18, 2026