CVE-2021-3623
N/A
N/A
Summary
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | libtpms | Fixed-In - libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4 | affected |
Weaknesses
- CWE-787: CWE-787
ADP Enrichment
CVE Program Container
Additional References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/
- https://bugzilla.redhat.com/show_bug.cgi?id=1976806
- https://github.com/stefanberger/libtpms/pull/223
- https://github.com/stefanberger/libtpms/commit/2f30d62
- https://github.com/stefanberger/libtpms/commit/7981d9a
- https://github.com/stefanberger/libtpms/commit/2e6173c
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/
- https://bugzilla.redhat.com/show_bug.cgi?id=1976806
- https://github.com/stefanberger/libtpms/pull/223
- https://github.com/stefanberger/libtpms/commit/2f30d62
- https://github.com/stefanberger/libtpms/commit/7981d9a
- https://github.com/stefanberger/libtpms/commit/2e6173c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.