Out-of-Bounds Read Vulnerability in Libtpms TPM Library CryptHmacSign Function
Libtpms, a library designed to integrate TPM functionality into hypervisors like Qemu, has a potential out of bounds (OOB) read vulnerability. The flaw exists in the 'CryptHmacSign' function, which occurs when signKey is an ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. This vulnerability stems from the TPM 2.0 reference implementation code published by the Trusted Computing Group. User-mode applications can trigger this issue by sending malicious commands to a TPM 2.0/vTPM (swtpm) with firmware based on the affected TCG reference implementation. When triggered, the vulnerability causes an abort due to detecting out-of-bounds access, potentially rendering a vTPM unavailable to a virtual machine. The vulnerability impacts the library's operation in its location within the "Part 4: Supporting Routines – Code" document, specifically in section "7.151 - /tpm/src/crypt/CryptUtil.c". Libtpms has addressed this security issue in versions 0.7.12, 0.8.10, 0.9.7, and 0.10.1, providing fixes to prevent potential system disruptions.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
stefanberger libtpms |
Vulmon