Описание
ELSA-2023-2453: libtpms security update (MODERATE)
[0.9.1-3.20211126git1ff6fe1f43]
- Backport 'tpm2: Check size of buffer before accessing it' (CVE-2023-1017 & CVE-2023-1018) Resolves: rhbz#2173960 Resolves: rhbz#2173967
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libtpms
0.9.1-3.20211126git1ff6fe1f43.el9_2
Oracle Linux x86_64
libtpms
0.9.1-3.20211126git1ff6fe1f43.el9_2
Связанные CVE
Связанные уязвимости
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.