Vulnerabilities in TPM implementations provided by Intel and ST.
External References: https://tpm.fail/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html https://www.st.com/content/st_com/en/campaigns/tpm-update.html
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11090 https://access.redhat.com/security/cve/cve-2019-16863
Statement: This is a vulnerability in TPM firmware distributed by hardware vendors, not by Red Hat. Red Hat Enterprise Linux exposes the TPM device at /dev/tpm* where it is available for software with the correct privileges to use. Customers are advised to always ensure that firmware updates from hardware vendors are kept up to date with security fixes.
Mitigation: To remediate this vulnerability, install relevant firmware updates from your hardware vendor and follow their advice to regenerate keys that may be vulnerable or compromised. STMicroelectronics, Intel and OEMs have published firmware updates and advice at the links provided in the External References section.