Stefanberger Libtpms vulnerabilities

CVE-2026-21444 [MEDIUM] CWE-327 CVE-2026-21444: libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in vers libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the i

CVE-2025-49133 [MEDIUM] CWE-125 CVE-2025-49133: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily i Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with