STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
References
Link | Resource |
---|---|
http://tpm.fail | Third Party Advisory |
https://support.f5.com/csp/article/K32412503?utm_source=f5support&utm_medium=RSS | Third Party Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us | Third Party Advisory |
https://support.lenovo.com/us/en/product_security/LEN-29406 | Third Party Advisory |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024 | Third Party Advisory |
https://www.st.com/content/st_com/en/campaigns/tpm-update.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2019-11-13 19:15
Updated : 2022-05-03 07:28
NVD link : CVE-2019-16863
Mitre link : CVE-2019-16863
JSON object : View
Products Affected
st
- st33tphf20spi_firmware
- st33tphf20i2c
- st33tphf20spi
- st33tphf20i2c_firmware
- st33tphf2ei2c
- st33tphf2espi
- st33tphf2ei2c_firmware
- st33tphf2espi_firmware