#VU111030 Out-of-bounds read in Intel products - CVE-2025-2884

 


Published: June 11, 2025


Vulnerability identifier: #VU111030
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-2884
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Intel C420 Chipset
Intel X299 Chipset
Intel C620 Series Chipset
8th Gen Intel Core processor
Intel 200 Series Chipset
Intel 100 Series Chipset
Intel 300 Series Chipset
Intel C240 Series Chipset
Pentium Gold processor series (G54XXU)
Intel Celeron Processor 4000 Series
10th Generation Intel Core Processors
Intel Pentium Processor Silver Series
Celeron processor N series
Intel 400 Series Chipset
Intel 500 series chipset
Intel C250 Series Chipset
C740 series chipset
Intel Atom x6000E series
Intel Celeron Processor J Series
Intel 600 Series Chipset
Intel 700 series chipset
Intel W790 chipset
Intel Core Ultra family
Intel Pentium Processor J4000 Series
Intel Pentium Processor N4000 Series
Intel Celeron processor J3000/N3000 series
Intel Pentium processor J5000 series
Intel Pentium processor N5000 series
Intel Celeron J4000 Processors
Intel Celeron N4000 Processors
Intel Pentium Processor N Series
Intel Pentium Processor J Series
Intel Atom Processor E3900 Series
Software vendor:
Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the CryptHmacSign helper function of the TCG TPM2.0 Reference implementation. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


Remediation

Install updates from the vendor's website.
