CVE-2020-12926
low-risk
Published 2020-11-12
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10
Medium
PHYSICAL
/ HIGH complexity
Affected Products (1)
Trusted Platform Modules Reference
Affected Vendors
References (2)
Vendor Advisory
https://www.amd.com/en/corporate/product-security
Vendor Advisory
https://www.amd.com/en/corporate/product-security
22
/ 100
low-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal