OESA-2022-1695

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1695
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1695.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1695
Upstream
Published
2022-06-02T11:03:51Z
Modified
2025-09-03T06:17:31.419816Z
Summary
libtpms security update
Details

A library providing TPM functionality for VMs. Targeted for integration into Qemu.

Security Fix(es):

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.(CVE-2021-3746)

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.(CVE-2021-3623)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / libtpms

Package

Name
libtpms
Purl
pkg:rpm/openEuler/libtpms&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3-7.oe1

Ecosystem specific 

{
    "aarch64": [
        "libtpms-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-debugsource-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-devel-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-debuginfo-0.7.3-7.oe1.aarch64.rpm"
    ],
    "src": [
        "libtpms-0.7.3-7.oe1.src.rpm"
    ],
    "x86_64": [
        "libtpms-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-debuginfo-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-debugsource-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-devel-0.7.3-7.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / libtpms

Package

Name
libtpms
Purl
pkg:rpm/openEuler/libtpms&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3-7.oe1

Ecosystem specific 

{
    "aarch64": [
        "libtpms-debuginfo-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-devel-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-debugsource-0.7.3-7.oe1.aarch64.rpm",
        "libtpms-0.7.3-7.oe1.aarch64.rpm"
    ],
    "src": [
        "libtpms-0.7.3-7.oe1.src.rpm"
    ],
    "x86_64": [
        "libtpms-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-devel-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-debugsource-0.7.3-7.oe1.x86_64.rpm",
        "libtpms-debuginfo-0.7.3-7.oe1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS / libtpms

Package

Name
libtpms
Purl
pkg:rpm/openEuler/libtpms&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3-7.oe2203

Ecosystem specific 

{
    "aarch64": [
        "libtpms-0.7.3-7.oe2203.aarch64.rpm",
        "libtpms-debuginfo-0.7.3-7.oe2203.aarch64.rpm",
        "libtpms-devel-0.7.3-7.oe2203.aarch64.rpm",
        "libtpms-debugsource-0.7.3-7.oe2203.aarch64.rpm"
    ],
    "src": [
        "libtpms-0.7.3-7.oe2203.src.rpm"
    ],
    "x86_64": [
        "libtpms-0.7.3-7.oe2203.x86_64.rpm",
        "libtpms-debuginfo-0.7.3-7.oe2203.x86_64.rpm",
        "libtpms-debugsource-0.7.3-7.oe2203.x86_64.rpm",
        "libtpms-devel-0.7.3-7.oe2203.x86_64.rpm"
    ]
}