CVE-2021-3623

Опубликовано: 21 июн. 2021

Источник: redhat

CVSS3: 6.1

Описание

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.

Отчет

The versions of libtpms as shipped with Red Hat Enterprise Linux 8 Advanced Virtualization are affected by this issue. A future update may fix the code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libtpms	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.3/libtpms	Will not fix
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libtpms	Affected
Red Hat Enterprise Linux 9	libtpms	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=1976806libtpms: out-of-bounds access when trying to resume the state of the vTPM

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2021-3623

CVSS3: 6.1

ubuntu

больше 3 лет назад

CVE-2021-3623

CVSS3: 6.1

nvd

больше 3 лет назад

CVE-2021-3623

CVSS3: 6.1

debian

больше 3 лет назад

A flaw was found in libtpms. The flaw can be triggered by specially-cr ...

SUSE-SU-2022:4457-1

suse-cvrf

больше 2 лет назад

Security update for libtpms

GHSA-6527-9qhc-39j4

CVSS3: 8.2

github

больше 3 лет назад

6.1 Medium

CVSS3