A bug was discovered in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability can be triggered by specially crafted TPM 2 command packets, which then trigger the issue when the TPM 2's volatile state is marshalled/written.
Reference and upstream patches:
Created libtpms tracking bugs for this issue:
Affects: epel-8 [bug 1998590]
Affects: fedora-all [bug 1998589]
Analysis complete, patches provided and trackers filed.