1998588 – (CVE-2021-3746) CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets

Bug 1998588 (CVE-2021-3746) - CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets

Summary: CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 comma...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3746
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1998589 1998590 1999303 1999305 1999306 1999307
Blocks:	1997740 1998591
TreeView+	depends on / blocked

Reported:	2021-08-27 17:01 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-04-17 21:34 UTC (History)
CC List:	4 users (show)
Fixed In Version:	libtpms 0.8.5, libtpms 0.7.9, libtpms 0.6.6 and later
Clone Of:
Environment:
Last Closed:	2021-08-31 13:22:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-08-27 17:01:53 UTC

A bug was discovered in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability can be triggered by specially-crafted TPM 2 command packets that then trigger the issue when the state of the TPM 2's volatile state is marshalled/written.

Reference and upstream patches:
https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df
https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72

Comment 1 Guilherme de Almeida Suckevicz 2021-08-27 17:02:15 UTC

Created libtpms tracking bugs for this issue:

Affects: epel-8 [bug 1998590]
Affects: fedora-all [bug 1998589]

Comment 7 devthomp 2021-08-31 13:22:12 UTC

analysis complete, patches provided and trackers filed.
resolving.

Note You need to log in before you can comment on or make changes to this bug.