rpm package

almalinux/swtpm-tools

pkg:rpm/almalinux/swtpm-tools

Vulnerabilities (54)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-30784	—	< 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	May 26, 2022	A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750	—	< 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	May 2, 2022	A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790	—	< 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb	May 2, 2022	ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Mar 23, 2022	A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2022-26354	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Mar 16, 2022	A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Mar 16, 2022	A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Mar 2, 2022	A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2022-23645	—	< 0.7.0-3.20211109gitb79fd91.el9	0.7.0-3.20211109gitb79fd91.el9	Feb 18, 2022	swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid valu
CVE-2021-4145	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Jan 25, 2022	A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra
CVE-2021-3622	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Dec 23, 2021	A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s
CVE-2021-39263	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-39262	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39261	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39259	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
CVE-2021-39258	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39257	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
CVE-2021-39256	—	< 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703	Sep 7, 2021	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

CVE-2022-30784May 26, 2022
affected < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adbfixed 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3750May 2, 2022
affected < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adbfixed 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790May 2, 2022
affected < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adbfixed 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206Apr 29, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207Apr 29, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748Mar 23, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2022-26354Mar 16, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353Mar 16, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716Mar 2, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th
CVE-2022-23645Feb 18, 2022
affected < 0.7.0-3.20211109gitb79fd91.el9fixed 0.7.0-3.20211109gitb79fd91.el9
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid valu
CVE-2021-4145Jan 25, 2022
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra
CVE-2021-3622Dec 23, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s
CVE-2021-39263Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-39262Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-39261Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39259Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
CVE-2021-39258Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39257Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
CVE-2021-39256Sep 7, 2021
affected < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703fixed 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

Page 2 of 3