PT-2021-11033 · Tpm2-Tss+1 · Tpm2-Tss+1

Published

2020-10-08

Updated

2024-06-15

CVE-2020-24455

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: tpm2-tss versions prior to 3.0.1 tpm2-tss versions prior to 2.4.3

Description: A missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access.

Recommendations: For versions prior to 3.0.1, update to version 3.0.1 or later. For versions prior to 2.4.3, update to version 2.4.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-909

Related Identifiers

ALT-PU-2020-2974

ALT-PU-2020-3052

ALT-PU-2021-3466

ALT-PU-2021-4848

AZL-6924

CVE-2020-24455

MGASA-2020-0417

OESA-2021-1016

OPENSUSE-SU-2024:11470-1

Affected Products

Alt Linux

Tpm2-Tss

PT-2021-11033 · Tpm2-Tss+1 · Tpm2-Tss+1

CVE-2020-24455

Weakness Enumeration

Related Identifiers

Affected Products

References · 21