Candidate: CVE-2020-24455
PublicDate: 2021-02-26 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24455
 https://github.com/tpm2-software/tpm2-tss/commit/0cc5f0e12694f3780a8512fc37a7dbc542ea4330 (master)
 https://github.com/tpm2-software/tpm2-tss/commit/9536b79cd5a13884a7e4de7a571f72530180c20b (3.0.1)
 https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5)
Description:
 Missing initialization of a variable in the TPM2 source may allow a
 privileged user to potentially enable an escalation of privilege via local
 access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]

Patches_tpm2-tss:
upstream_tpm2-tss: released (3.0.1-1)
precise/esm_tpm2-tss: DNE
trusty_tpm2-tss: ignored (out of standard support)
trusty/esm_tpm2-tss: DNE
xenial_tpm2-tss: not-affected (code not present)
bionic_tpm2-tss: not-affected (code not present)
focal_tpm2-tss: not-affected (code not present)
groovy_tpm2-tss: not-affected (3.0.1-1)
devel_tpm2-tss: not-affected