Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23645

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

Published

2022-02-18T21:15:13.090

Last Modified

2024-11-21T06:49:00.490

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	swtpm_project	swtpm	< 0.5.3	Yes
Application	swtpm_project	swtpm	< 0.6.2	Yes
Application	swtpm_project	swtpm	0.7.0	Yes
Application	swtpm_project	swtpm	0.7.0	Yes
Application	swtpm_project	swtpm	0.7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	fedoraproject	fedora	35	Yes

References

https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 Patch, Third Party Advisory ([email protected])
https://github.com/stefanberger/swtpm/releases/tag/v0.5.3 Release Notes, Third Party Advisory ([email protected])
https://github.com/stefanberger/swtpm/releases/tag/v0.6.2 Release Notes, Third Party Advisory ([email protected])
https://github.com/stefanberger/swtpm/releases/tag/v0.7.1 Release Notes, Third Party Advisory ([email protected])
https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw Patch, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/ ([email protected])
https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/stefanberger/swtpm/releases/tag/v0.5.3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/stefanberger/swtpm/releases/tag/v0.6.2 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/stefanberger/swtpm/releases/tag/v0.7.1 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/ (af854a3a-2127-422b-91ae-364da2661108)