PT-2023-11767 · Swtpm · Swtpm

Marcus Meissner · Published 2022-07-08 · Updated 2024-06-15 · CVE-2020-28407

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

swtpm versions 0.4.1 and earlier
swtpm versions 0.5.x before 0.5.1

Description

A local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. This issue allows an attacker to potentially gain unauthorized access to sensitive data.

Recommendations

For swtpm versions 0.4.1 and earlier, update to version 0.4.2 or later. For swtpm versions 0.5.x before 0.5.1, update to version 0.5.1 or later. As a temporary workaround, consider restricting access to temporary files to minimize the risk of exploitation.

Fix

Weakness Enumeration

Link Following

Related Identifiers

CVE-2020-28407
OESA-2022-1741
OPENSUSE-SU-2024:11416-1

Affected Products

Swtpm