What is CVE-2021-3746?

CVE-2021-3746 is a vulnerability in the libtpms code that allows access beyond the boundary of internal buffers.

What is the severity of CVE-2021-3746?

CVE-2021-3746 has a severity rating of 6.5 (high).

Which software is affected by CVE-2021-3746?

The Libtpms Project versions 0.6.0 to 0.6.6, 0.7.0 to 0.7.9, and 0.8.0 to 0.8.5, as well as Fedora 34 and Red Hat Enterprise Linux 8.0 and Advanced Virtualization are affected.

How can I fix CVE-2021-3746?

To fix CVE-2021-3746, update the libtpms code to a version that includes the necessary security patches.

Vulnerability/
CVE-2021-3746

high

7.1

CWE

119

19/10/2021

22/10/2021

CVE-2021-3746: Buffer Overflow

First published: Tue Oct 19 2021(Updated: )

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Libtpms Project Libtpms	>=0.6.0<0.6.6
Libtpms Project Libtpms	>=0.7.0<0.7.9
Libtpms Project Libtpms	>=0.8.0<0.8.5
Fedoraproject Fedora	=34
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=8.0

Never miss a vulnerability like this again

Reference Links

https://bugzilla.redhat.com/show_bug.cgi?id=1998588

Frequently Asked Questions

What is CVE-2021-3746?
CVE-2021-3746 is a vulnerability in the libtpms code that allows access beyond the boundary of internal buffers.
How is the CVE-2021-3746 vulnerability triggered?
The vulnerability is triggered by specially-crafted TPM2 command packets that write to the TPM2's volatile state.
What is the severity of CVE-2021-3746?
CVE-2021-3746 has a severity rating of 6.5 (high).
Which software is affected by CVE-2021-3746?
The Libtpms Project versions 0.6.0 to 0.6.6, 0.7.0 to 0.7.9, and 0.8.0 to 0.8.5, as well as Fedora 34 and Red Hat Enterprise Linux 8.0 and Advanced Virtualization are affected.
How can I fix CVE-2021-3746?
To fix CVE-2021-3746, update the libtpms code to a version that includes the necessary security patches.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/type
vendor/libtpms project
canonical/libtpms project libtpms
version/libtpms project libtpms/0.6.0
version/libtpms project libtpms/0.7.0
version/libtpms project libtpms/0.8.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.