CVE-2025-49133 — Out-of-bounds Read in Libtpms

CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

5.5MEDIUMNVD

CNA5.9

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtpms Project Libtpms Stefanberger Libtpms

Timeline

PublishedJun 10

Latest updateJul 3

Description

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The re…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianlibtpms_project/libtpms< 0.9.2-3.1+deb12u1+2

▶CVEListV5stefanberger/libtpms4 versions+3

▶NVDlibtpms_project/libtpms4 versions+3

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue↗2025-06-10

▶

OSV

CVE-2025-49133: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu↗2025-06-10

▶

📋Vendor Advisories

Ubuntu

libtpms vulnerability↗2025-07-03

▶

Microsoft

Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue↗2025-06-10

▶

Red Hat

libtpms: Libtpms Out-of-Bounds Read Vulnerability↗2025-06-10

▶

Microsoft

drm/amdkfd: svm range restore work deadlock when process exit↗2025-02-11

▶

Debian

CVE-2025-49133: libtpms - Libtpms is a library that targets the integration of TPM functionality into hype...↗2025

▶