Nuvoton TPM Denial of Service Vulnerability
Nuvoton TPM Denial of Service Vulnerability
Nuvoton TPM Denial of Service Vulnerability
Lenovo Security Advisory: LEN-118320
Potential Impact: Denial of Service
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2023-1017
Summary Description:
An out-of-bounds write vulnerability exists in TPM2.0's Module Library. An attacker who can successfully exploit this vulnerability can lead to denial of service in Nuvoton Trusted Platform Module (TPM) NPCT65x. The attack does not succeed in writing to or corrupting the TPM but does cause it to become inaccessible as it enters a recoverable protection mode intended to safeguard the TPM and its contents.
Lenovo servers listed in the product table below contain Nuvoton’s NPCT65X and are vulnerable to CVE-2023-1017, if configured in TPM 2.0 mode (only). Attacks can trigger the TPM to enter a protected state, which is recoverable with an AC power cycle (hard reset).
Products in TPM 1.2 mode or with Nuvoton’s NPCT7XX TPM are not vulnerable to CVE-2023-1017. Many Lenovo servers listed in the product impact tables below were shipped with TPM 1.2 mode set as default and would have required manual interaction from a customer to toggle to TPM 2.0 mode. See below for additional information on default TPM mode version.
Lenovo servers are not vulnerable to CVE-2023-1018.
Lenovo is working with Nuvoton on a TPM firmware update to address this issue. Interim mitigations include following general security best practices, such as limiting privileged operating system access to trusted users and running only trusted code.
See Nuvoton’s security advisory for more details: https://www.nuvoton.com/support/security/security-advisories/sa-003/
Affected Product(s): NPCT65x TPM in 2.0 mode (only) with firmware 1.3.0.1, 1.3.1.0 & 1.3.2.8
NOTE: Upgrading to the firmware listed in the product table below will mitigate against CVE-2023-1017, however this fix will not be TCG, Common Criteria (CC) or FIPS 140 certified. Nuvoton recommends that TPM 2.0 users apply the NPCT65x TPM 2.0 firmware update once available.
The TPM endorsement key contains TPM chip, and base TPM firmware version information which can be used to help identify affected systems.
For Windows, use the Get-TpmEndorsementKeyInfo powershell command:
Get -TpmEndorsementKeyInfo
<details removed for readability>
ManufacturerCertificates : {[Subject]
TPMManufacturer=id:4E544300 + TPMModel=NPCT6xx + TPMVersion=id:13
For Linux systems, tpm2-tools can assist in retrieving the TPM endorsement key certificate from the host system using the tpm2_getekcertificate command. OpenSSL can then be used to decode the endorsement key certificate:
tpm2_getekcertificate -o tpmek1.cer
openssl x509 -in tpmek1.cer-text -noout
<details removed for readability>
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:4E544300/2.23.133.2.2=NPCT6xx/2.23.133.2.3=id:13
NPCT6xx indicates the NPCT65x TPM chip is used. id:13 indicates the TPM is in TPM 2.0 mode, running firmware v1.3.x, and may be affected. id:0581 indicates the TPM is in TPM 1.2 mode, running firmware v5.81.x, and not affected as currently configured.
The TPM mode and specific firmware version in use can be found in UEFI Setup under System Settings -> Security -> Trusted Platform Module -> TPM <mode> -> TPM Firmware Version. <mode> will indicate either 1.2 or 2.0.
Mitigation Strategy for Customers (what you should do to protect yourself):
Nuvoton recommends updating your firmware to the latest version (or newer) indicated for your model in the Product Impact section below.
Some systems may require multiple steps to update the TPM firmware, such as first installing an UEFI firmware update and then using UEFI Setup to update the TPM firmware. Additional guidance is provided in the Product Impact section below and in the update release notes.
A full AC power cycle (hard reset) will restore functionality to Nuvoton's NPCT65x TPM if it enters protection mode as a result of an attack related to this vulnerability.
ThinkAgile customers:
For Nutanix software, see https://www.nutanix.com/trust/security-advisories for risk exposure, resolution and mitigations.
For VMware software and appliances, see https://www.vmware.com/security/advisories.html for risk exposure, resolution and mitigations.
To download the version specified for your product below, follow these steps:
Navigate to the Drivers & Software support site for your product:
- Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
- Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
- IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759
Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center
Click below links to view affected products:
References:
https://www.nuvoton.com/support/security/security-advisories/sa-003/
https://support.lenovo.com/us/en/product_security/LEN-118374
https://www.nutanix.com/trust/security-advisories
https://www.vmware.com/security/advisories.html
https://kb.cert.org/vuls/id/782720
Revision History:
Revision | Date | Description |
---|---|---|
8 | 2023-08-03 | Updated product impact |
7 | 2023-06-22 | Updated product impact |
6 | 2023-06-08 | Updated product impact |
5 | 2023-04-06 | Updated product impact |
4 | 2023-03-09 | Updated product impact |
3 | 2023-03-07 | Fix Nuvoton url in Reference section |
2 | 2023-03-03 | Updated product impact |
1 | 2023-02-28 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product |
Component |
Default Shipped TPM Version |
Minimum Fixed Version |
Lenovo System x3550 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3550 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3550 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3550 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3650 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3650 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3650 M5 UEFI Firmware |
1.2 |
3.9 | |
Lenovo System x3650 M5 UEFI Firmware |
1.2 |
3.9 |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
BIOS - ThinkSystem HR610X/HR630X/HR650X |
2.0 |
HR6N0666 |
|
BIOS - ThinkSystem HR610X/HR630X/HR650X |
2.0 |
HR6N0666 |
|
BIOS - ThinkSystem HR610X/HR630X/HR650X |
2.0 |
HR6N0666 |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h
|
|
DX8200 UEFI Firmware |
1.2 |
3.9 | |
DX8200 UEFI Firmware |
1.2 |
3.9 | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
DX8200 UEFI Firmware |
1.2 |
3.9 |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
Lenovo NeXtScale nx360 M5 Compute Node UEFI Firmware |
1.2 |
3.60 | |
Lenovo NeXtScale nx360 M5 Compute Node UEFI Firmware |
1.2 |
3.60 |
|
Lenovo Flex Compute Node x240 M5 UEFI Firmware |
1.2 |
3.70 | |
Lenovo Flex System x240 M5 Compute Node UEFI Firmware |
1.2 |
3.70 | |
Lenovo Flex System x280 X6, x480 X6, and x880 X6 Compute Node UEFI Firmware |
1.2 |
3.70 | |
Lenovo Flex System x280 X6, x480 X6, and x880 X6 Compute Node UEFI Firmware |
1.2 |
3.90 | |
Lenovo Flex System x280 X6, x480 X6, and x880 X6 Compute Node UEFI Firmware |
1.2 |
3.90 | |
Lenovo System x3250 M6 UEFI Firmware |
1.2 |
3.90 | |
Lenovo System x3500 M5 UEFI Firmware |
1.2 |
3.90 | |
Lenovo System x3550 M5 UEFI Firmware |
1.2 |
3.90 | |
Lenovo System x3650 M5 UEFI Firmware |
1.2 |
3.90 | |
System x3850 X6 / x3950 X6 UEFI Firmware |
1.2 |
5.40 | |
System x3850 X6 / x3950 X6 UEFI Firmware |
1.2 |
5.40 |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h |
|
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR950 UEFI Firmware (For AnyOS) |
1.2 |
pse148j |
|
Lenovo ThinkSystem SR950 UEFI Firmware (For AnyOS) |
1.2 |
pse148j |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h |
|
Lenovo ThinkSystem SR950 UEFI Firmware (For AnyOS) |
1.2 |
pse148j |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h |
|
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR950 UEFI Firmware (For AnyOS) |
1.2 |
pse148j |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
BIOS Update Utility for Windows (64-bit) - ThinkServer RS160 |
2.0 |
Service call required. Contact support. | |
BIOS Update Utility for Windows (64-bit) - ThinkServer RS160 |
2.0 |
Service call required. Contact support. | |
BIOS Update Utility for Windows (64-bit) - ThinkServer TS460 |
2.0 |
Service call required. Contact support. | |
BIOS Update Utility for Windows (64-bit) - ThinkServer TS460 |
2.0 |
Service call required. Contact support. |
Product | Component | Default TPM Version | Minimum Fixed Version |
P920 Rack Workstation (ThinkStation) | Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) | 1.2 | ive182h |
Product |
Component |
Default TPM Version |
Minimum Fixed Version |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD650 UEFI Firmware (For AnyOS) |
1.2 |
ote182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SR630/SR650/SN550/SN850 UEFI Firmware (For AnyOS) |
1.2 |
ive182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SD530/SR530/SR550/SR570/SR590/SR850/SR860/SR850P UEFI Firmware (For AnyOS) |
1.2 |
tee182h | |
Lenovo ThinkSystem SR950 UEFI Firmware (For AnyOS) |
1.2 |
pse148j | |
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f |
|
SR250/SR150/ST250 UEFI Firmware (For AnyOS) |
1.2 |
ise134f | |
Lenovo ThinkSystem ST550/ST558 UEFI Firmware (For AnyOS) |
1.2 |
o0e182h | |
Lenovo ThinkSystem ST550/ST558 UEFI Firmware (For AnyOS) |
1.2 |
o0e182h |
Your feedback helps to improve the overall experience