CVE-2021-3623

NameCVE-2021-3623
DescriptionA flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs990522

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libtpms (PTS)bookworm (security)0.9.2-3.1~deb12u1fixed
sid, trixie, bookworm0.9.2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libtpmssource(unstable)0.9.1-1990522

Notes

https://github.com/stefanberger/libtpms/pull/223
https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
Search for package or bug name: Reporting problems