Vulnerability Details : CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
Products affected by CVE-2022-23645
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:swtpm_project:swtpm:*:*:*:*:*:*:*:*
- cpe:2.3:a:swtpm_project:swtpm:*:*:*:*:*:*:*:*
- cpe:2.3:a:swtpm_project:swtpm:0.7.0:-:*:*:*:*:*:*
- cpe:2.3:a:swtpm_project:swtpm:0.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:swtpm_project:swtpm:0.7.0:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23645
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23645
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | |
6.2
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.5
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2022-23645
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-23645
-
https://github.com/stefanberger/swtpm/releases/tag/v0.5.3
Release Release of v0.5.3 · stefanberger/swtpm · GitHubRelease Notes;Third Party Advisory
-
https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19
swtpm: Check header size indicator against expected size (CID 375869) · stefanberger/swtpm@9f74086 · GitHubPatch;Third Party Advisory
-
https://github.com/stefanberger/swtpm/releases/tag/v0.6.2
Release Release of v0.6.2 · stefanberger/swtpm · GitHubRelease Notes;Third Party Advisory
-
https://github.com/stefanberger/swtpm/releases/tag/v0.7.1
Release Release of v0.7.1 · stefanberger/swtpm · GitHubRelease Notes;Third Party Advisory
-
https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw
Out-of-bounds read in swtpm when a specially crafted header of swtpm's state is given · Advisory · stefanberger/swtpm · GitHubPatch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/
[SECURITY] Fedora 35 Update: swtpm-0.7.1-1.20220218git92a7035.fc35 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to