CVE-2021-3746 - OpenCVE

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Libtpms Project	Libtpms
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:libtpms_project:libtpms::::::::
	cpe:2.3:a:libtpms_project:libtpms::::::::
	cpe:2.3:a:libtpms_project:libtpms::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0::::-:::
	cpe:2.3:o:redhat:enterprise_linux:8.0::::advanced_virtualization:::

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1998588	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-10-19T14:07:43

Updated: 2021-10-19T14:07:43

Reserved: 2021-08-27T00:00:00

Link: CVE-2021-3746

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-19T15:15:08.003

Modified: 2021-10-22T20:28:26.197

Link: CVE-2021-3746

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "libtpms", "vendor": "n/a", "versions": [{"status": "affected", "version": "libtpms 0.8.5, libtpms 0.7.9, libtpms 0.6.6"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T14:07:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998588"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3746", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libtpms", "version": {"version_data": [{"version_value": "libtpms 0.8.5, libtpms 0.7.9, libtpms 0.6.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1998588", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998588"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3746", "datePublished": "2021-10-19T14:07:43", "dateReserved": "2021-08-27T00:00:00", "dateUpdated": "2021-10-19T14:07:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "E732D289-1BA4-4F9E-9C55-3FBA9FC1387F", "versionEndExcluding": "0.6.6", "versionStartIncluding": "0.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A035D468-60DC-4122-972B-2F6AAFF72E15", "versionEndExcluding": "0.7.9", "versionStartIncluding": "0.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*", "matchCriteriaId": "355B2394-4B55-4269-9585-C8BF4462ACDD", "versionEndExcluding": "0.8.5", "versionStartIncluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6."}, {"lang": "es", "value": "Se ha encontrado un fallo en el c\u00f3digo de libtpms que puede causar un acceso m\u00e1s all\u00e1 de los l\u00edmites de los b\u00faferes internos. La vulnerabilidad es desencadenada mediante paquetes de comandos del TPM2 especialmente dise\u00f1ados que luego desencadenan el problema cuando es escrito el estado vol\u00e1til del TPM2. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este problema afecta a libtpms versiones anteriores a 0.8.5, 0.7.9 y 0.6.6"}], "id": "CVE-2021-3746", "lastModified": "2021-10-22T20:28:26.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-19T15:15:08.003", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998588"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Primary"}]}