rpm package

almalinux/libtpms

pkg:rpm/almalinux/libtpms

Vulnerabilities (54)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-11234	Hig	7.5	< 0.9.1-3.20211126git1ff6fe1f43.module_el8.10.0+4031+06966654	0.9.1-3.20211126git1ff6fe1f43.module_el8.10.0+4031+06966654	Oct 3, 2025	A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client w
CVE-2025-49133		—	< 0.9.1-5.20211126git1ff6fe1f43.el9_6	0.9.1-5.20211126git1ff6fe1f43.el9_6	Jun 10, 2025	Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulner
CVE-2024-7409	Hig	7.5	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	Aug 5, 2024	A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
CVE-2024-7383	Hig	7.4	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	Aug 5, 2024	A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
CVE-2024-4467	Hig	7.8	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	Jul 2, 2024	A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of
CVE-2024-4418	Med	6.2	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	May 8, 2024	A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while
CVE-2024-3446	Hig	8.2	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	Apr 9, 2024	A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce
CVE-2023-3301		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3	Sep 13, 2023	A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
CVE-2023-3354		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	Jul 11, 2023	A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph
CVE-2023-2700		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	May 15, 2023	A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
CVE-2023-1017		—	< 0.9.1-3.20211126git1ff6fe1f43.el9_2	0.9.1-3.20211126git1ff6fe1f43.el9_2	Feb 28, 2023	An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the
CVE-2023-1018		—	< 0.9.1-3.20211126git1ff6fe1f43.el9_2	0.9.1-3.20211126git1ff6fe1f43.el9_2	Feb 28, 2023	An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
CVE-2022-4144		—	< 0.9.1-1.20211126git1ff6fe1f43.module_el8.7.0+3346+68867adb	0.9.1-1.20211126git1ff6fe1f43.module_el8.7.0+3346+68867adb	Nov 29, 2022	An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious gue
CVE-2022-40284		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	Nov 6, 2022	A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to
CVE-2022-3165		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	Oct 17, 2022	An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-0485		—	< 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	Aug 29, 2022	A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the
CVE-2021-4158		—	< 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	Aug 24, 2022	A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975		—	< 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703	Aug 23, 2022	A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788		—	< 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

CVE-2025-11234HigOct 3, 2025
affected < 0.9.1-3.20211126git1ff6fe1f43.module_el8.10.0+4031+06966654fixed 0.9.1-3.20211126git1ff6fe1f43.module_el8.10.0+4031+06966654
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client w
CVE-2025-49133Jun 10, 2025
affected < 0.9.1-5.20211126git1ff6fe1f43.el9_6fixed 0.9.1-5.20211126git1ff6fe1f43.el9_6
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulner
CVE-2024-7409HigAug 5, 2024
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
CVE-2024-7383HigAug 5, 2024
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
CVE-2024-4467HigJul 2, 2024
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of
CVE-2024-4418MedMay 8, 2024
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while
CVE-2024-3446HigApr 9, 2024
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce
CVE-2023-3301Sep 13, 2023
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3fixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.9.0+3659+9c8643f3
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
CVE-2023-3354Jul 11, 2023
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph
CVE-2023-2700May 15, 2023
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
CVE-2023-1017Feb 28, 2023
affected < 0.9.1-3.20211126git1ff6fe1f43.el9_2fixed 0.9.1-3.20211126git1ff6fe1f43.el9_2
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the
CVE-2023-1018Feb 28, 2023
affected < 0.9.1-3.20211126git1ff6fe1f43.el9_2fixed 0.9.1-3.20211126git1ff6fe1f43.el9_2
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
CVE-2022-4144Nov 29, 2022
affected < 0.9.1-1.20211126git1ff6fe1f43.module_el8.7.0+3346+68867adbfixed 0.9.1-1.20211126git1ff6fe1f43.module_el8.7.0+3346+68867adb
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious gue
CVE-2022-40284Nov 6, 2022
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to
CVE-2022-3165Oct 17, 2022
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-0485Aug 29, 2022
affected < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703fixed 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the
CVE-2021-4158Aug 24, 2022
affected < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703fixed 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975Aug 23, 2022
affected < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703fixed 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789May 26, 2022
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788May 26, 2022
affected < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596bfixed 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

Page 1 of 3