CVE-2019-16863

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:st:st33tphf2espi_firmware:71.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:71.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:71.12:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2espi_firmware:73.8:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf2espi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:st:st33tphf2ei2c_firmware:73.5:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf2ei2c_firmware:73.9:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf2ei2c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:st:st33tphf20spi_firmware:74.0:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.4:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.8:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20spi_firmware:74.16:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf20spi:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:st:st33tphf20i2c_firmware:74.5:*:*:*:*:*:*:*
cpe:2.3:o:st:st33tphf20i2c_firmware:74.9:*:*:*:*:*:*:*
cpe:2.3:h:st:st33tphf20i2c:-:*:*:*:*:*:*:*

Information

Published : 2019-11-13 19:15

Updated : 2022-05-03 07:28


NVD link : CVE-2019-16863

Mitre link : CVE-2019-16863


JSON object : View

CWE
CWE-203

Observable Discrepancy

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Advertisement

dedicated server usa

Products Affected

st

  • st33tphf20spi_firmware
  • st33tphf20i2c
  • st33tphf20spi
  • st33tphf20i2c_firmware
  • st33tphf2ei2c
  • st33tphf2espi
  • st33tphf2ei2c_firmware
  • st33tphf2espi_firmware