Unrated severityNVD Advisory· Published Nov 3, 2023· Updated Sep 12, 2024

CVE-2020-28407

Description

In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

Affected products

swtpm/swtpmdescription
osv-coords
pkg:rpm/opensuse/swtpm&distro=openSUSE%20Tumbleweed
Range: < 0.6.1-1.1

Patches

2df14e343b43

CHANGES: Adjust v0.4.2 release entry

https://github.com/stefanberger/swtpmStefan BergerNov 17, 2020via osv

commit

1 file changed · +2 −2

CHANGES+2 −2 modified

@@ -1,8 +1,8 @@
 CHANGES - changes for swtpm
 
 version 0.4.2:
-  - swtpm:
-    - Addressed potential symlink attack issue (CVS-2020-28407)
+  - swtpm & swtpm_setup:
+    - Addressed potential symlink attack issue (CVE-2020-28407)
 
 version 0.4.1:
   - swtpm_setup:

96f5a04c3d6c

CHANGES: Adjust v0.5.1 release entry

https://github.com/stefanberger/swtpmStefan BergerNov 17, 2020via osv

commit

1 file changed · +2 −2

CHANGES+2 −2 modified

@@ -1,8 +1,8 @@
 CHANGES - changes for swtpm
 
 version 0.5.1:
-  - swtpm
-    - Addressed potential symlink attack issue (CVS-2020-28407)
+  - swtpm & swtpm_setup:
+    - Addressed potential symlink attack issue (CVE-2020-28407)
   - build-sys:
     - Fix configure python cryptography error message

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000