Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Description
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
137<0.7.12, <0.8.10, <0.9.7, <0.10.1+ 1 more
- (no CPE)range: <0.7.12, <0.8.10, <0.9.7, <0.10.1
- (no CPE)range: = 0.7.11
- osv-coords135 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfspkg:rpm/almalinux/libguestfs-appliancepkg:rpm/almalinux/libguestfs-bash-completionpkg:rpm/almalinux/libguestfs-develpkg:rpm/almalinux/libguestfs-gfs2pkg:rpm/almalinux/libguestfs-gobjectpkg:rpm/almalinux/libguestfs-gobject-develpkg:rpm/almalinux/libguestfs-inspect-iconspkg:rpm/almalinux/libguestfs-javapkg:rpm/almalinux/libguestfs-java-develpkg:rpm/almalinux/libguestfs-javadocpkg:rpm/almalinux/libguestfs-man-pages-japkg:rpm/almalinux/libguestfs-man-pages-ukpkg:rpm/almalinux/libguestfs-rescuepkg:rpm/almalinux/libguestfs-rsyncpkg:rpm/almalinux/libguestfs-toolspkg:rpm/almalinux/libguestfs-tools-cpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libguestfs-xfspkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-bash-completionpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libtpmspkg:rpm/almalinux/libtpms-develpkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-qemupkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-glusterpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-directpkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-daemon-kvmpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-lock-sanlockpkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/libvirt-wiresharkpkg:rpm/almalinux/lua-guestfspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-filterpkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-nbd-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-tar-filterpkg:rpm/almalinux/nbdkit-tar-pluginpkg:rpm/almalinux/nbdkit-tmpdisk-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Guestfspkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libguestfspkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/qemu-guest-agentpkg:rpm/almalinux/qemu-imgpkg:rpm/almalinux/qemu-kvmpkg:rpm/almalinux/qemu-kvm-block-curlpkg:rpm/almalinux/qemu-kvm-block-glusterpkg:rpm/almalinux/qemu-kvm-block-iscsipkg:rpm/almalinux/qemu-kvm-block-rbdpkg:rpm/almalinux/qemu-kvm-block-sshpkg:rpm/almalinux/qemu-kvm-commonpkg:rpm/almalinux/qemu-kvm-corepkg:rpm/almalinux/qemu-kvm-docspkg:rpm/almalinux/qemu-kvm-hw-usbredirpkg:rpm/almalinux/qemu-kvm-testspkg:rpm/almalinux/qemu-kvm-ui-openglpkg:rpm/almalinux/qemu-kvm-ui-spicepkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/ruby-libguestfspkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/SLOFpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/almalinux/swtpmpkg:rpm/almalinux/swtpm-develpkg:rpm/almalinux/swtpm-libspkg:rpm/almalinux/swtpm-toolspkg:rpm/almalinux/swtpm-tools-pkcs11pkg:rpm/almalinux/virt-dibpkg:rpm/almalinux/virt-v2vpkg:rpm/almalinux/virt-v2v-bash-completionpkg:rpm/almalinux/virt-v2v-man-pages-japkg:rpm/almalinux/virt-v2v-man-pages-ukpkg:rpm/opensuse/libtpms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libtpms&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libtpms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/libtpms&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libtpms&distro=SUSE%20Linux%20Micro%206.1
< 1.3.18-23.module_el8.6.0+2880+7d9e3703+ 134 more
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 8.10-1.module_el8.10.0+3768+dfd76e10
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 0.9.1-5.20211126git1ff6fe1f43.el9_6
- (no CPE)range: < 0.9.1-3.20211126git1ff6fe1f43.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 8.0.0-23.4.module_el8.10.0+4031+06966654
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+3161+a07c0ea5
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-6.module_el8.10.0+3897+eb84924d
- (no CPE)range: < 8.0.0-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 15:6.2.0-53.module_el8.10.0+4031+06966654.4
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.16.0-4.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1.16.0-4.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1.16.0-4.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 20210217-2.module_el8.10.0+3768+dfd76e10
- (no CPE)range: < 5.2.1-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 5.2.1-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.42.0-22.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1:1.42.0-22.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1:1.42.0-22.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 1:1.42.0-22.module_el8.9.0+3659+9c8643f3
- (no CPE)range: < 0.9.6-150600.3.3.1
- (no CPE)range: < 0.10.1-1.1
- (no CPE)range: < 0.9.6-150600.3.3.1
- (no CPE)range: < 0.9.6-2.1
- (no CPE)range: < 0.9.6-slfo.1.1_2.1
Patches
Vulnerability mechanics
References
4- github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1mitrex_refsource_MISC
- github.com/stefanberger/libtpms/security/advisories/GHSA-25w5-6fjj-hf8gmitrex_refsource_CONFIRM
- trustedcomputinggroup.org/resource/tpm-library-specificationmitrex_refsource_MISC
- trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-4-Supporting-Routines-Code.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.