Количество 10
Количество 10
BDU:2022-06088
Уязвимость TPM эмулятора swtpm, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, a ...
SUSE-SU-2022:1297-1
Security update for swtpm
ELSA-2022-8100
ELSA-2022-8100: swtpm security and bug fix update (LOW)
ELSA-2022-9240
ELSA-2022-9240: libtpms security update (IMPORTANT)
RLSA-2022:7472
Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
ELSA-2022-7472
ELSA-2022-7472: virt:ol and virt-devel:ol security, bug fix, and enhancement update (LOW)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2022-06088 Уязвимость TPM эмулятора swtpm, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.2 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23645 swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. | CVSS3: 6.2 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23645 swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23645 swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. | CVSS3: 6.2 | 0% Низкий | больше 3 лет назад |
| CVE-2022-23645 swtpm is a libtpms-based TPM emulator with socket, character device, a ... | CVSS3: 6.2 | 0% Низкий | больше 3 лет назад |
 | SUSE-SU-2022:1297-1 Security update for swtpm | 0% Низкий | около 3 лет назад | |
| ELSA-2022-8100 ELSA-2022-8100: swtpm security and bug fix update (LOW) | больше 2 лет назад | ||
| ELSA-2022-9240 ELSA-2022-9240: libtpms security update (IMPORTANT) | около 3 лет назад | ||
 | RLSA-2022:7472 Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2022-7472 ELSA-2022-7472: virt:ol and virt-devel:ol security, bug fix, and enhancement update (LOW) | больше 2 лет назад |
Уязвимостей на страницу