CVE-2021-3623: Out-of-bounds Write in Project Libtpms

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.1% (top 83.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; latest update Mar 4

Description

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 1.8 | Impact: 4.2

Affected Packages (3 packages)

Source      Package                     Versions
NVD         libtpms_project/libtpms     0.7.0, 0.7.8 (+2 more)
Debian      libtpms_project/libtpms     < 0.9.1-1 (+2 more)
CVEList V5  libtpms_project/libtpms     Fixed-In: libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4

Also affects: Fedora 34, Enterprise Linux 8.0

Patches

🔴 Vulnerability Details (3)

GHSA     GHSA-6527-9qhc-39j4: A flaw was found in libtpms    2022-03-04
CVEList  CVE-2021-3623: A flaw was found in libtpms          2022-03-02
OSV      CVE-2021-3623: A flaw was found in libtpms          2022-03-02

📋 Vendor Advisories (2)

Red Hat  libtpms: out-of-bounds access when trying to resume the state of the vTPM                             2021-06-21
Debian   CVE-2021-3623: libtpms - A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM ...  2021