Candidate: CVE-2021-3623
PublicDate: 2022-03-02 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3623
 https://github.com/stefanberger/libtpms/pull/223
Description:
 A flaw was found in libtpms. The flaw can be triggered by specially-crafted
 TPM 2 command packets containing illegal values and may lead to an
 out-of-bounds access when the volatile state of the TPM 2 is
 marshalled/written or unmarshalled/read. The highest threat from this
 vulnerability is to system availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/stefanberger/libtpms/pull/223
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H [8.2 HIGH]


Patches_libtpms:
 upstream: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
 upstream: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
 upstream: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
upstream_libtpms: released (0.8.4, 0.7.8, 0.6.5, 0.9.1-1)
trusty_libtpms: ignored (out of standard support)
trusty/esm_libtpms: DNE
xenial_libtpms: ignored (out of standard support)
bionic_libtpms: DNE
focal_libtpms: DNE
groovy_libtpms: ignored (reached end-of-life)
hirsute_libtpms: ignored (reached end-of-life)
impish_libtpms: needed
jammy_libtpms: not-affected (0.9.3-0ubuntu1)
devel_libtpms: not-affected (0.9.3-0ubuntu1)