Candidate: CVE-2021-3565
PublicDate: 2021-06-04 12:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3565
 https://bugzilla.redhat.com/show_bug.cgi?id=1964427
 https://github.com/tpm2-software/tpm2-tools/issues/2738
 https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
Description:
 A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2.
 tpm2_import used a fixed AES key for the inner wrapper, potentially
 allowing a MITM attacker to unwrap the inner portion and reveal the key
 being imported. The highest threat from this vulnerability is to data
 confidentiality.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989148
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]


Patches_tpm2-tools:
upstream_tpm2-tools: needs-triage
trusty_tpm2-tools: ignored (out of standard support)
trusty/esm_tpm2-tools: DNE
xenial_tpm2-tools: ignored (out of standard support)
bionic_tpm2-tools: not-affected (code not present)
focal_tpm2-tools: needed
groovy_tpm2-tools: ignored (reached end-of-life)
hirsute_tpm2-tools: ignored (reached end-of-life)
impish_tpm2-tools: needs-triage
jammy_tpm2-tools: needs-triage
devel_tpm2-tools: needs-triage