Bug 1902167 (CVE-2020-24455)
| Summary: | CVE-2020-24455 tpm2-tss: FAPI PolicyPCR not instatiating correctly | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | core-kernel-mgr, fmartine, jsnitsel, pbrobinson, yunying.sun |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | tpm2-tss 2.4.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The tpm2-tss package introduced an implementation of TCG Feature API (FAPI) from v2.4.0. While instantiating TPM policy via FAPI, TPM's Platform Configuration Register (PCR) are used to compute policy digest. While reading PCR values via 'ifapi_read_pcr' routine, a PCR list counter was not set which can lead to an incorrect policy instantiation. This may potentially lead to a DoS scenario.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-12-16 08:48:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1908235 | ||
| Bug Blocks: | 1902168 | ||
|
Description
Dhananjay Arunesh
2020-11-27 08:10:12 UTC
Created tpm2-tss tracking bugs for this issue: Affects: fedora-all [bug 1908235] Long fixed in Fedora: * tpm2-tss-3.0.1-1.fc33 - Built: 2020-09-23, pushed stable 2020-09-27 * tpm2-tss-2.4.3-1.fc32 - Built: 2020-09-23, pushed stable 2020-10-06 |