CVE-2021-3746
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially crafted TPM2 command packets, and the out-of-bounds access occurs when the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
EPSS 0.19% · 40.3th percentile
Risk Scores
CVSS 3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS Score: 0.19% (40.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux | 8.0, 8.0 |
| n/a | libtpms | libtpms 0.8.5, libtpms 0.7.9, libtpms 0.6.6 |
| libtpms_project | libtpms | 0.8.0, 0.7.0, 0.6.0 |
| fedoraproject | fedora | 34 |
Exploit Intelligence
Timeline
- Sep 9, 2021 CVE Published
- Oct 20, 2021 EPSS Score
- Dec 15, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 7, 2022 EPSS Score
- Jun 2, 2022 EPSS Score
- Jul 29, 2022 EPSS Score
- Sep 24, 2022 EPSS Score
- Nov 19, 2022 EPSS Score
- Jan 14, 2023 EPSS Score