CVE-2025-2884 Information

Description

TCG TPM2.0 Reference implementation’s CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key’s algorithm. See Errata 1.83 of TCG standard TPM2.0

Reference

https://trustedcomputinggroup.org/about/security/ https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html https://www.kb.cert.org/vuls/id/282450