Name of the Vulnerable Software and Affected Versions tss-esapi versions prior to 6.1.2 tss-esapi versions prior to 7.1.0

Description This issue affects applications that start authorization sessions using an explicit initial nonce. When Context::start auth session is called with a nonce argument value of Some(...), a dangling pointer is passed down through FFI to Esys StartAuthSession, potentially leading to an incorrect nonce value being used. The error became apparent due to changes in v1.61.0 of the Rust compiler. Logs indicating a failure due to this issue show a TPM Error and an error when creating a session.

Recommendations For tss-esapi versions prior to 6.1.2, update to version 6.1.2 to resolve the issue. For tss-esapi versions prior to 7.1.0, update to version 7.1.0 to resolve the issue. As a temporary workaround, consider avoiding the use of explicit initial nonce values when starting authorization sessions until a patch is applied.