PT-2025-24927 · Libtpms+7 · Libtpms+7
Stefan Berger
+1
·
Publicado
2025-06-10
·
Atualizado
2026-04-16
·
CVE-2025-49133
CVSS v3.1
5.9
Média
| Vetor | AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Libtpms versions prior to 0.7.12
Libtpms versions prior to 0.8.10
Libtpms versions prior to 0.9.7
Libtpms versions prior to 0.10.1
Description
The issue is an out-of-bounds read vulnerability in the
CryptHmacSign function. This occurs when there is an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG KEYEDHASH key and inScheme is an ECC or RSA scheme. The vulnerability can be triggered by sending malicious commands to a TPM 2.0/vTPM whose firmware is based on an affected TCG reference implementation, potentially making a vTPM unavailable to a VM.Recommendations
For versions prior to 0.7.12, update to version 0.7.12 or later.
For versions prior to 0.8.10, update to version 0.8.10 or later.
For versions prior to 0.9.7, update to version 0.9.7 or later.
For versions prior to 0.10.1, update to version 0.10.1 or later.
As a temporary workaround, consider restricting access to the
CryptHmacSign function until a patch is available.Exploit
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Almalinux
Centos
Debian
Libtpms
Linuxmint
Red Hat
Rocky Linux
Ubuntu