A flaw was found in libtpms. The flaw can be triggered by specially crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
[
{
"product": "libtpms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed-In - libtpms 0.6.5, libtpms 0.7.8, libtpms 0.8.4"
}
]
}
]
bugzilla.redhat.com/show_bug.cgi?id=1976806
github.com/stefanberger/libtpms/commit/2e6173c
github.com/stefanberger/libtpms/commit/2f30d62
github.com/stefanberger/libtpms/commit/7981d9a
github.com/stefanberger/libtpms/pull/223
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/