Vulnerability Details CVE-2020-24455
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.6
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1902167
- https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
- https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KPOENCMJU4DMT3BDNUBRK25B3DJ47UO/
- https://security.gentoo.org/glsa/202107-10
- https://bugzilla.redhat.com/show_bug.cgi?id=1902167
- https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
- https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KPOENCMJU4DMT3BDNUBRK25B3DJ47UO/
- https://security.gentoo.org/glsa/202107-10
Products affected by CVE-2020-24455
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:-
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:0.97
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:1.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:1.1.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:1.2.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:1.3.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:1.4.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.0.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.0.1
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.0.2
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.0.3
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.1.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.1.1
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.1.2
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.1.3
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.1.4
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.2.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.2.1
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.2.2
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.2.3
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.3.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.3.1
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.3.2
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.3.3
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.4.0
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.4.1
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:2.4.2
-
cpe:2.3:a:tpm2_software_stack_project:tpm2_software_stack:3.0.0
-
cpe:2.3:o:fedoraproject:fedora:34