Check size of TPM2B_NAME buffer before reading
Bug #2009608 reported by
Rodrigo Figueiredo Zaiden
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libtpms (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
Jammy |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
Kinetic |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
Lunar |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden |
Bug Description
There is a security issue with no CVE assigned in libtpms:
tpm2: Check size of TPM2B_NAME buffer before reading 2 bytes from it
Fix the missing buffer size check that the TPM 2 errata v1.4 mentions in
2.6.2 by adding a buffer size check before reading 2 bytes from a
TPM2B_NAME buffer. There's no known CVE for this.
upstream commit is: https:/
It should be included in Ubuntu libtpms package
Changed in libtpms (Ubuntu Lunar): | |
status: | In Progress → Fix Released |
Changed in libtpms (Ubuntu Kinetic): | |
assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
Changed in libtpms (Ubuntu Jammy): | |
assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
status: | New → In Progress |
Changed in libtpms (Ubuntu Kinetic): | |
status: | New → In Progress |
To post a comment you must log in.
libtpms (0.9.3-0ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: out-of-bounds read/write patches/ CVE-2023- 1017_1018. patch: add a buffer size check and ecryption( ) in tpm2/CryptUtil. c patches/ tpm2-Check- size-of- TPM2B_NAME. patch: add a buffer orize() in src/tpm2/ EACommands. c.
- debian/
properly reduce bufferSize variable by the number of bytes that make
up the cipherSize in CryptParameterD
src/
- CVE-2023-1017
- CVE-2023-1018
* SECURITY UPDATE: out-of-bounds read
- debian/
size check in TPM2_PolicyAuth
- No CVE number
-- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 01 Mar 2023 18:23:14 -0300