Medium severity6.7OSV Advisory· Published Feb 26, 2021· Updated Jun 17, 2026
CVE-2020-24455
CVE-2020-24455
Description
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31.0, 2.0.0, 2.4.0, …+ 1 more
- (no CPE)range: 1.0, 2.0.0, 2.4.0, …
- (no CPE)range: <3.0.1, <2.4.3
Patches
Vulnerability mechanics
References
5- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3nvdRelease NotesThird Party Advisory
- github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1nvdRelease NotesThird Party Advisory
- security.gentoo.org/glsa/202107-10nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KPOENCMJU4DMT3BDNUBRK25B3DJ47UO/nvd
News mentions
0No linked articles in our index yet.