Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
6.7CVSS
6.4AI Score
0.0004EPSS
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array only has TPM2_ERROR_TSS2_...
6.4CVSS
6.6AI Score
0.0004EPSS