Medium severity 6.6 · OSV Advisory · Published Jun 10, 2025 · Updated Apr 15, 2026
CVE-2025-2884
Description
The TCG TPM2.0 reference implementation's CryptHmacSign helper function is vulnerable to an out-of-bounds read because it does not validate the signature scheme against the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for the TCG standard TPM2.0.
Affected products (2)
- Range: v0.10.0, v0.10.0-rc1, v0.5.2, …
References (8)
- cert-portal.siemens.com/productcert/html/ssa-628843.html (nvd)
- github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1 (nvd)
- trustedcomputinggroup.org/about/security/ (nvd)
- trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf (nvd)
- trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf (nvd)
- www.cve.org/CVERecord (nvd)
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html (nvd)
- www.kb.cert.org/vuls/id/282450 (nvd)
News mentions (1)
- Siemens TPM 2.0 (CISA Alerts)