CVE-2022-23645

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-02-2022 10:15

Last modified: - 07-03-2022 02:49

Total changes: - 4

Description

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

vendor=swtpm_project AND product=swtpm AND versionEndExcluding=0.5.3

vendor=swtpm_project AND product=swtpm AND versionStartIncluding=0.6.0 AND versionEndExcluding=0.6.2

vendor=swtpm_project AND product=swtpm AND version=0.7.0 AND update=-

vendor=swtpm_project AND product=swtpm AND version=0.7.0 AND update=rc1

vendor=swtpm_project AND product=swtpm AND version=0.7.0 AND update=rc2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8.0

vendor=fedoraproject AND product=fedora AND version=35

Reference

Keywords

CVE-2022-23645

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-23645

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures