Description

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Related CPE's

a

libtpms_project

libtpms

3

o

fedoraproject

fedora

34

Vulnerable

o

redhat

enterprise_linux

2

References

https://bugzilla.redhat.com/show_bug.cgi?id=1998588

Issue TrackingPatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-119

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-19T15:15:08.003

3 years ago

Last modified

2021-10-22T20:28:26.197

3 years ago