{"containers": {"cna": {"affected": [{"product": "libtpms", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed-In - libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": " CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-23T17:47:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2021-465b5c3b67", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/stefanberger/libtpms/pull/223"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/stefanberger/libtpms/commit/2f30d62"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/stefanberger/libtpms/commit/7981d9a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/stefanberger/libtpms/commit/2e6173c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libtpms", "version": {"version_data": [{"version_value": "Fixed-In - libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " CWE-787"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2021-465b5c3b67", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, {"name": "https://github.com/stefanberger/libtpms/pull/223", "refsource": "MISC", "url": "https://github.com/stefanberger/libtpms/pull/223"}, {"name": "https://github.com/stefanberger/libtpms/commit/2f30d62", "refsource": "MISC", "url": "https://github.com/stefanberger/libtpms/commit/2f30d62"}, {"name": "https://github.com/stefanberger/libtpms/commit/7981d9a", "refsource": "MISC", "url": "https://github.com/stefanberger/libtpms/commit/7981d9a"}, {"name": "https://github.com/stefanberger/libtpms/commit/2e6173c", "refsource": "MISC", "url": "https://github.com/stefanberger/libtpms/commit/2e6173c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:08.325Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2021-465b5c3b67", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/stefanberger/libtpms/pull/223"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/stefanberger/libtpms/commit/2f30d62"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/stefanberger/libtpms/commit/7981d9a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/stefanberger/libtpms/commit/2e6173c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3623", "datePublished": "2022-03-02T22:02:36", "dateReserved": "2021-06-28T00:00:00", "dateUpdated": "2024-08-03T17:01:08.325Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C197C5-7736-4A8E-B7A2-2DFE99DB50B1", "versionEndExcluding": "0.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B9B0605-529C-43AB-8012-9838EDAE68BA", "versionEndExcluding": "0.7.8", "versionStartIncluding": "0.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "0041D79D-7D5A-45F0-B24C-6EBCC6C56855", "versionEndExcluding": "0.8.4", "versionStartIncluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en libtpms. El fallo puede ser desencadenado por paquetes de comandos TPM 2 especialmente dise\u00f1ados que contengan valores ilegales y puede conllevar a un acceso fuera de l\u00edmites cuando el estado vol\u00e1til del TPM 2 es marshalled/written o unmarshalled/read. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2021-3623", "lastModified": "2024-11-21T06:22:00.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-02T23:15:08.623", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/2e6173c"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/2f30d62"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/7981d9a"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/pull/223"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/2e6173c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/2f30d62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/commit/7981d9a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/stefanberger/libtpms/pull/223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Birk Kauer (Amazon Web Services) for reporting this issue.", "bugzilla": {"description": "libtpms: out-of-bounds access when trying to resume the state of the vTPM", "id": "1976806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976806"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.", "A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-3623", "package_state": [{"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Will not fix", "package_name": "virt:8.2/libtpms", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Will not fix", "package_name": "virt:8.3/libtpms", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "virt:av/libtpms", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libtpms", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3623\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3623"], "statement": "The versions of `libtpms` as shipped with Red Hat Enterprise Linux 8 Advanced Virtualization are affected by this issue. A future update may fix the code.", "threat_severity": "Moderate", "upstream_fix": "libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4"}