CVE-2025-2884
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-2884
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2884.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-2884
- Published
- 2025-06-10T18:15:30.617Z
- Modified
- 2025-11-20T12:35:15.616235Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
- References
-
- https://trustedcomputinggroup.org/about/security/
- https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
- https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
- https://www.cve.org/CVERecord?id=CVE-2025-49133
- https://www.kb.cert.org/vuls/id/282450
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
- https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
Affected packages
Git / github.com/stefanberger/libtpms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/stefanberger/libtpms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2884.json"
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2025-2884-08df5df7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"91387592028675461997877095717241857353",
"46043278828797612329583053409392477945",
"290701491914702545293558201693678448267",
"179078528010704461247847609789006065676",
"89976829304750532194459578391855678356",
"3813253998734237481309170010756697659",
"25494423567064737236276331515657882949",
"70147998749310796507018545356815385329",
"11110004286565532341654438813567125647"
]
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/tpm2/crypto/openssl/CryptHash.c"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-88768195",
"digest": {
"threshold": 0.9,
"line_hashes": [
"208586757102970530878562186476694338659",
"208341190440247310063698707490328420088",
"164504368535418962434445457555371447380",
"53061649858386026513557069202946532228",
"24400452444878837171420307935255108597"
]
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/tpm2/crypto/CryptHash_fp.h"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-ca45bef8",
"digest": {
"threshold": 0.9,
"line_hashes": [
"110830384868023181374212913749012154525",
"195335677874360671005066615088067406239",
"139770765966781114838541921534107145299",
"161927505493685847401328142236829225168",
"237653238515592734483595549056604187941",
"58808915068985783206517233263950066424",
"164113591438980628234204807458395193016",
"56929236599932381610125478645481229181",
"155655634464747686679182454301383396961",
"98332868914268254006063472449028909954",
"287078660006371891235642164093651702801",
"276958886360006029218412958960920976195",
"96677443537478843391359066453099930625",
"72337614200572553388048156607844172450",
"140588280118808835477640757074431395516",
"159376765082532381756147477675019513749",
"320736185507227739845358245016841253587",
"161905651710234821282138684942253823159",
"180697105913521249945237127677392569090",
"78004217241506381048952124349575807005",
"57833132747775884518164613183030422051",
"2808046626516888132398087398147785351",
"199425846635952633644505113840341931047",
"278668133804529750204333938272554093419",
"336506120896233261071099402622690618970",
"74487754015921472552880063975625287670",
"246144418070073470403821521249681724229",
"300751124189907970519023877579328375629",
"33729865116200128858884709956913880061",
"169712341671356331356578309570007065986",
"333336891578233060598421810574510093802",
"254444762017899788904808751077959653240",
"4469825291237727941941468370966114413",
"131264415294300930712130665315292520253",
"268989465032650533126611767263297998927",
"172442407239522537002115380360357451442",
"133169797100173072658482076310541515701",
"217268310730680064319167733247374661113",
"310388249129737548740322349614574416538",
"248428915193250955286353991301603673281",
"21787361574465134461028363288799642545",
"210226503878164329466142730749373246164"
]
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/tpm2/CryptUtil.c"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-cf1fe8a1",
"digest": {
"length": 801.0,
"function_hash": "221981491509906236489174022074160007062"
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/tpm2/CryptUtil.c",
"function": "CryptSelectSignScheme"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-ed0d3c1d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"222618300359375868561426923428212684009",
"112774421520859308995697409772969159891",
"105308254526206672501321940335536140664",
"106967519160790612746572883393594020556",
"37302831347958675420968095559099376790",
"318596456629620426577810778791410241002",
"235793896461109925302241331622523813072",
"18326731251167480864874614524731372222",
"179193064650277356885867852704916782386",
"288018180999912860106059652783530701296",
"129046868282185197848296242791889904771",
"87656892435991160728665602763837873816"
]
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/tpm2/SigningCommands.c"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-f18b363d",
"digest": {
"length": 1085.0,
"function_hash": "167761883188394251752351933301685579721"
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/tpm2/SigningCommands.c",
"function": "TPM2_Sign"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-f1e257d0",
"digest": {
"length": 650.0,
"function_hash": "25391857597255945963761654353419968044"
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/tpm2/CryptUtil.c",
"function": "CryptIsAsymSignScheme"
}
},
{
"deprecated": false,
"id": "CVE-2025-2884-faf6f645",
"digest": {
"length": 559.0,
"function_hash": "84562840235413168440635479089076522643"
},
"source": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/tpm2/CryptUtil.c",
"function": "CryptHmacSign"
}
}
]