CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.

[CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) concerns a vulnerability in the TCG TPM2.0 Reference implementation's CryptHmacSign helper function, which is vulnerable to an out-of-bounds read due to the lack of validation of the signature scheme against the signature key's algorithm. CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates to the TCG TPM2.0 Reference implementation that address this vulnerability. Please see [CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) for more information.
