PT-2025-24927 · Libtpms+7 · Libtpms+7

Stefan Berger +1 · Published 2025-06-10 · Updated 2026-04-16 · CVE-2025-49133

CVSS v3.1: 5.9 Medium

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Libtpms versions prior to 0.7.12
Libtpms versions prior to 0.8.10
Libtpms versions prior to 0.9.7
Libtpms versions prior to 0.10.1

Description

The issue is an out-of-bounds read vulnerability in the CryptHmacSign function. It occurs when the signKey and signScheme parameters are paired inconsistently: the signKey is an ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The vulnerability can be triggered by sending malicious commands to a TPM 2.0/vTPM whose firmware is based on an affected TCG reference implementation, potentially making a vTPM unavailable to a VM.

Recommendations

For versions prior to 0.7.12, update to version 0.7.12 or later.
For versions prior to 0.8.10, update to version 0.8.10 or later.
For versions prior to 0.9.7, update to version 0.9.7 or later.
For versions prior to 0.10.1, update to version 0.10.1 or later.
As a temporary workaround, consider restricting access to the CryptHmacSign function until a patch is available.
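
A branch-aware check of upstream libtpms version strings against the fixed releases listed above, as an added example (not part of the advisory or of libtpms). The names `FIXED`, `is_affected` and `triage` and the sample inventory are constructed here; treating branches older than 0.7 as affected and branches newer than 0.10 as fixed is an assumption.

```python
import re

# Fixed patch level per release branch, taken from the advisory text.
FIXED = {(0, 7): 12, (0, 8): 10, (0, 9): 7, (0, 10): 1}


def parse_version(text):
    """Return (major, minor, patch) from strings like '0.9.6' or 'v0.9.6-3'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libtpms version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(text):
    """True if an upstream libtpms version predates the fix for its branch.

    A single '< 0.10.1' comparison would wrongly flag 0.9.7 or 0.8.10, so the
    patch level is compared only against the fix for the same branch.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 0.7 received no fix, and branches newer
    # than 0.10 already contain it.
    return branch < min(FIXED)


def triage(inventory):
    """Map each host to 'UPDATE' or 'ok' from its reported libtpms version."""
    return {host: "UPDATE" if is_affected(ver) else "ok"
            for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "vtpm-host-a": "0.9.6",
    "vtpm-host-b": "0.9.7",
    "vtpm-host-c": "0.10.0",
    "vtpm-host-d": "0.7.12",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {verdict}")
```

Distribution packages often carry backported fixes under an older upstream version number, so for those check the vendor advisory listed under Related Identifiers rather than relying on this comparison.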

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2025:12100
ALSA-2025:12527
ALSA-2025:16428
AZL-63702
BDU:2025-11088
CESA-2025_12527
CVE-2025-49133
GHSA-25W5-6FJJ-HF8G
INFSA-2025_12100
INFSA-2025_12527
MGASA-2025-0248
OESA-2025-1836
OESA-2025-1837
OESA-2025-2133
OESA-2025-2134
OESA-2025-2135
OESA-2025-2261
OPENSUSE-SU-2025:15244-1
OPENSUSE-SU-2026:20695-1
RHSA-2025:12100
RHSA-2025:12111
RHSA-2025:12112
RHSA-2025:12234
RHSA-2025:12293
RHSA-2025:12527
RHSA-2025:16428
RHSA-2025_12100
RHSA-2025_12527
SUSE-SU-2026:1388-1
SUSE-SU-2026:21035-1
SUSE-SU-2026:21064-1
SUSE-SU-2026:21571-1
SUSE-SU-2026:21581-1
USN-7617-1

Affected Products

AlmaLinux
CentOS
Debian
Libtpms
Linux Mint
Red Hat
Rocky Linux
Ubuntu