Stefan Berger

#44341 of 53,635
5.9 Total CVSS
Vulnerabilities · 1
PT-2025-24927
5.9
2025-06-10
Libtpms · Libtpms · CVE-2025-49133
**Name of the Vulnerable Software and Affected Versions**

- Libtpms versions prior to 0.7.12
- Libtpms versions prior to 0.8.10
- Libtpms versions prior to 0.9.7
- Libtpms versions prior to 0.10.1

**Description**

The issue is an out-of-bounds read vulnerability in the `CryptHmacSign` function. It occurs when the `signKey` and `signScheme` parameters are paired inconsistently: `signKey` is an `ALG_KEYEDHASH` key while `inScheme` is an ECC or RSA scheme. The vulnerability can be triggered by sending malicious commands to a TPM 2.0/vTPM whose firmware is based on an affected TCG reference implementation, potentially making a vTPM unavailable to a VM.

**Recommendations**

- For versions prior to 0.7.12, update to version 0.7.12 or later.
- For versions prior to 0.8.10, update to version 0.8.10 or later.
- For versions prior to 0.9.7, update to version 0.9.7 or later.
- For versions prior to 0.10.1, update to version 0.10.1 or later.

As a temporary workaround, consider restricting access to the `CryptHmacSign` function until a patch is available.