CVE-2021-3565 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3565 PUBLISHED

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

EPSS 0.39% · 59.8th percentile

Risk Scores

EPSS Score

0.39%

59.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	tpm2-tools	5.2-1, 5.0-2, 0
Ubuntu:24.04:LTS	tpm2-tools	5.6-1build1, 5.6-1build3, 5.6-1build4
Ubuntu:20.04:LTS	tpm2-tools	4.0.1-1, 3.1.3-2, 0
Ubuntu:16.04:LTS	tpm2-tools	0, 1.0.0+20160226.64b3334-0ubuntu1, 1.0.0+20160226.64b3334-0ubuntu2
Ubuntu:25.10	tpm2-tools	0, 5.7-1

Timeline

Jun 4, 2021 CVE Published
Jun 5, 2021 EPSS Score
Aug 6, 2021 EPSS Score
Oct 6, 2021 EPSS Score
Dec 5, 2021 EPSS Score
Feb 3, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 5, 2022 EPSS Score
Jun 4, 2022 EPSS Score
Aug 4, 2022 EPSS Score
Oct 4, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-3565 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1964427 third-party-advisory
https://github.com/tpm2-software/tpm2-tools/issues/2738 third-party-advisory
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-3565 third-party-advisory

Open in Interactive Console →