PT-2021-21674 · Libtpms+2 · Libtpms+2

Guilherme De Almeida Suckevicz

Published

2021-09-09

Updated

2022-06-02

CVE-2021-3746

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtpms versions prior to 0.8.5 libtpms versions prior to 0.7.9 libtpms versions prior to 0.6.6

Description A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The issue is triggered by specially-crafted TPM2 command packets that affect the state of the TPM2's volatile state when written. The highest threat from this issue is to system availability.

Recommendations For versions prior to 0.8.5, update to version 0.8.5 or later. For versions prior to 0.7.9, update to version 0.7.9 or later. For versions prior to 0.6.6, update to version 0.6.6 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-3175

CVE-2021-3746

MGASA-2021-0590

OESA-2022-1695

OPENSUSE-SU-2021:3004-1

OPENSUSE-SU-2021_3004-1

OPENSUSE-SU-2024:11004-1

SUSE-SU-2021:3004-1

SUSE-SU-2021:3004-2

SUSE-SU-2021_3004-1

Affected Products

Alt Linux

Suse

Libtpms

PT-2021-21674 · Libtpms+2 · Libtpms+2

CVE-2021-3746

Weakness Enumeration

Related Identifiers

Affected Products

References · 30