CVE-2025-49133
The CVE-2025-49133 entry affects libtpms, a TPM functionality library for virtual machines, with a flaw in CryptHmacSign that pairs signKey (ALG_KEYEDHASH) with inScheme (ECC/RSA) leading to an out-of-bounds read. The issue can be triggered by sending malicious TPM 2.0 commands to a vTPM (swtpm) ...