CVE-2021-3505
First published: Mon Apr 19 2021(Updated: )
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libtpms Project Libtpms | <0.8.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3505?
CVE-2021-3505 is a vulnerability in libtpms versions before 0.8.0 that affects the TPM 2 implementation, allowing for the creation of weak 2048 bit keys.
What is the severity of CVE-2021-3505?
The severity of CVE-2021-3505 is medium with a CVSS score of 5.5.
How does CVE-2021-3505 impact my system?
CVE-2021-3505 can impact your system by allowing the generation of weak 2048 bit keys, which reduces the strength of the encryption.
Is there a fix for CVE-2021-3505?
Yes, the fix for CVE-2021-3505 is to update to libtpms version 0.8.0 or later.
Where can I find more information about CVE-2021-3505?
You can find more information about CVE-2021-3505 in the references provided: [link1](https://bugzilla.redhat.com/show_bug.cgi?id=1950046), [link2](https://github.com/stefanberger/libtpms/issues/183), [link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/)
- collector/nvd-index
- vendor/libtpms project
- canonical/libtpms project libtpms
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33