Vulnerability DatabaseCVE-2023-1017

CVE-2023-1017:
vulnerability analysis and mitigation

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Source: NVD

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

7.8

Score

Published February 28, 2023

Severity HIGH

CNA Score N/A

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 77.9

Exploitation Probability (EPSS) 1.1

Affected packages and libraries

virt-dib
virt:rhel::libguestfs-gobject

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 9 Severity MEDIUMHas FixAdded at: May 14, 2023
Debian Security Tracker
- Debian 12 Severity HIGHHas FixAdded at: Mar 06, 2023
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Red Hat Errata
- Red Hat 8 Severity MEDIUMNo FixAdded at: Apr 18, 2023
- Red Hat 9 Severity MEDIUMHas FixAdded at: Mar 01, 2023
Ubuntu Security Tracker
- Ubuntu 22.04, 22.10 Severity MEDIUMHas FixAdded at: Mar 01, 2023