First published: Tue Oct 19 2021(Updated: )
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libtpms Project Libtpms | >=0.6.0<0.6.6 | |
Libtpms Project Libtpms | >=0.7.0<0.7.9 | |
Libtpms Project Libtpms | >=0.8.0<0.8.5 | |
Fedoraproject Fedora | =34 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3746 is a vulnerability in the libtpms code that allows access beyond the boundary of internal buffers.
The vulnerability is triggered by specially-crafted TPM2 command packets that write to the TPM2's volatile state.
CVE-2021-3746 has a severity rating of 6.5 (high).
The Libtpms Project versions 0.6.0 to 0.6.6, 0.7.0 to 0.7.9, and 0.8.0 to 0.8.5, as well as Fedora 34 and Red Hat Enterprise Linux 8.0 and Advanced Virtualization are affected.
To fix CVE-2021-3746, update the libtpms code to a version that includes the necessary security patches.