Unrated severityNVD Advisory· Published Jun 4, 2021· Updated Aug 3, 2024
CVE-2021-3565
CVE-2021-3565
Description
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- tpm2-tools/tpm2-toolsdescription
- Range: <5.1.1, <4.3.2
- osv-coords6 versionspkg:rpm/almalinux/tpm2-toolspkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
< 4.1.1-5.el8+ 5 more
- (no CPE)range: < 4.1.1-5.el8
- (no CPE)range: < 4.1-lp152.2.3.1
- (no CPE)range: < 4.3.0-4.3.1
- (no CPE)range: < 5.1.1-3.2
- (no CPE)range: < 4.1-3.3.1
- (no CPE)range: < 4.3.0-4.3.1
Patches
Vulnerability mechanics
References
3- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/mitrevendor-advisoryx_refsource_FEDORA
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.