CVE-2022-23645 — Out-of-bounds Read in Swtpm

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 91.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stefanberger Swtpm Swtpm Project Swtpm Fedoraproject Fedora +1 more

Timeline

PublishedFeb 18

Description

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5stefanberger/swtpm< 0.5.3+2

▶NVDswtpm_project/swtpm0.6.0 — 0.6.2+2

▶Debianswtpm_project/swtpm< 0.7.1-1+2

Also affects: Enterprise Linux 8.0, Fedora 35

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2022-23645: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface↗2022-02-18

▶

CVEList

Out-of-bounds read in swtpm↗2022-02-18

▶

📋Vendor Advisories

Red Hat

swtpm: Unchecked header size indicator against expected size↗2022-02-18

▶

Debian

CVE-2022-23645: swtpm - swtpm is a libtpms-based TPM emulator with socket, character device, and Linux C...↗2022

▶