Vulnerability Details : CVE-2021-3746
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2021-3746
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-3746
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2021-3746
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-3746
-
https://bugzilla.redhat.com/show_bug.cgi?id=1998588
1998588 – (CVE-2021-3746) CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packetsIssue Tracking;Patch;Third Party Advisory
Products affected by CVE-2021-3746
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*