Vulnerability Details CVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 3.6
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1976806
- https://github.com/stefanberger/libtpms/commit/2e6173c
- https://github.com/stefanberger/libtpms/commit/2f30d62
- https://github.com/stefanberger/libtpms/commit/7981d9a
- https://github.com/stefanberger/libtpms/pull/223
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/
- https://bugzilla.redhat.com/show_bug.cgi?id=1976806
- https://github.com/stefanberger/libtpms/commit/2e6173c
- https://github.com/stefanberger/libtpms/commit/2f30d62
- https://github.com/stefanberger/libtpms/commit/7981d9a
- https://github.com/stefanberger/libtpms/pull/223
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/
Products affected by CVE-2021-3623
-
cpe:2.3:a:libtpms_project:libtpms:-
-
cpe:2.3:a:libtpms_project:libtpms:0.5.2
-
cpe:2.3:a:libtpms_project:libtpms:0.5.2.1
-
cpe:2.3:a:libtpms_project:libtpms:0.6.0
-
cpe:2.3:a:libtpms_project:libtpms:0.6.1
-
cpe:2.3:a:libtpms_project:libtpms:0.6.2
-
cpe:2.3:a:libtpms_project:libtpms:0.6.3
-
cpe:2.3:a:libtpms_project:libtpms:0.6.4
-
cpe:2.3:a:libtpms_project:libtpms:0.7.0
-
cpe:2.3:a:libtpms_project:libtpms:0.7.1
-
cpe:2.3:a:libtpms_project:libtpms:0.7.2
-
cpe:2.3:a:libtpms_project:libtpms:0.7.3
-
cpe:2.3:a:libtpms_project:libtpms:0.7.4
-
cpe:2.3:a:libtpms_project:libtpms:0.7.5
-
cpe:2.3:a:libtpms_project:libtpms:0.7.6
-
cpe:2.3:a:libtpms_project:libtpms:0.7.7
-
cpe:2.3:a:libtpms_project:libtpms:0.8.0
-
cpe:2.3:a:libtpms_project:libtpms:0.8.1
-
cpe:2.3:a:libtpms_project:libtpms:0.8.2
-
cpe:2.3:a:libtpms_project:libtpms:0.8.3
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:redhat:enterprise_linux:8.0