CVE-2020-12926 Vulnerability Details

  /     /     /  

CVE-2020-12926 Metadata Quick Info

CVE Published: 12/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: AMD | Vendor: n/a | Product: AMD\'s fTPM implementation
Status : PUBLISHED

---

CVE-2020-12926 Description

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-367
CWE Name: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).