Описание
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
The tpm2-tss package introduced an implementation of TCG Feature API (FAPI) from v2.4.0. While instantiating TPM policy via FAPI, TPM's Platform Configuration Register (PCR) are used to compute policy digest. While reading PCR values via 'ifapi_read_pcr' routine, a PCR list counter was not set which can lead to an incorrect policy instantiation. This may potentially lead to a DoS scenario.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | tpm2-tss | Not affected | ||
| Red Hat Enterprise Linux 8 | tpm2-tss | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.1 Medium
CVSS3
Связанные уязвимости
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Missing initialization of a variable in the TPM2 source may allow a pr ...
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
EPSS
4.1 Medium
CVSS3