Vulnerability Name:

CVE-2021-3746 (CCN-211780)

Assigned:2021-10-18
Published:2021-10-18
Updated:2021-10-22
Summary:A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-3746

Source: CCN
Type: Red Hat Bugzilla - Bug 1998588
(CVE-2021-3746) - CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1998588

Source: XF
Type: UNKNOWN
libtpms-cve20213746-dos(211780)

Source: CCN
Type: libtpms GIT Repository
tpm2: NVMarshal: Handle index orderly RAM without 0-sized terminating node

Source: CCN
Type: IBM Security Bulletin 6845375 (PowerVM Hypervisor)
This Power System update is being released to address CVE-2021-3746

Source: CCN
Type: Mend Vulnerability Database
CVE-2021-3746

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libtpms_project:libtpms:*:*:*:*:*:*:*:* (Version >= 0.6.0 and < 0.6.6)
  • OR cpe:/a:libtpms_project:libtpms:*:*:*:*:*:*:*:* (Version >= 0.7.0 and < 0.7.9)
  • OR cpe:/a:libtpms_project:libtpms:*:*:*:*:*:*:*:* (Version >= 0.8.0 and < 0.8.5)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8053
    P
    perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.13.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:3501
    P
    glib2-lang-2.48.2-12.15.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95131
    P
    libtpms-devel-0.8.2-3.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:112879
    P
    libtpms-devel-0.8.4-2.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106339
    P
    libtpms-devel-0.8.4-2.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:42219
    P
    Security update for libtpms (Important)
    2021-09-21
    oval:org.opensuse.security:def:69142
    P
    Security update for libtpms (Important)
    2021-09-09
    oval:org.opensuse.security:def:111711
    P
    Security update for libtpms (Important)
    2021-09-09
    oval:org.opensuse.security:def:102206
    P
    Security update for libtpms (Important)
    2021-09-09
    oval:org.opensuse.security:def:1630
    P
    Security update for libtpms (Important)
    2021-09-09
    BACK
    libtpms_project libtpms *
    libtpms_project libtpms *
    libtpms_project libtpms *
    fedoraproject fedora 34
    redhat enterprise linux 8.0
    redhat enterprise linux 8.0