A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950046 | Issue Tracking Patch Third Party Advisory |
https://github.com/stefanberger/libtpms/issues/183 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-04-19T20:22:05
Updated: 2021-05-05T02:06:35
Reserved: 2021-04-16T00:00:00
Link: CVE-2021-3505
JSON object: View
NVD Information
Status : Modified
Published: 2021-04-19T21:15:13.270
Modified: 2023-11-07T03:38:03.387
Link: CVE-2021-3505
JSON object: View
Redhat Information
No data.
CWE