Bug 1186655 - (CVE-2021-3569) VUL-0: CVE-2021-3569: libtpms: libtpms: stack corruption bug in RSA decryption
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Marcus Meissner
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/300966/
Reported: 2021-05-31 07:47 UTC by Marcus Meissner
Modified: 2021-05-31 12:17 UTC

Found By: Security Response Team
Description Marcus Meissner 2021-05-31 07:47:10 UTC
rh#1964358

A stack corruption bug was found in libtpms while decrypting data using RSA. The bug exists in CryptRsaDecrypt() in src/tpm2/crypto/openssl/CryptRsa.c. This flaw could cause a SIGBUS (bad memory access) and termination of swtpm.

Upstream commits:
https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b [v0.8.0]
https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 [v0.7.2]

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1964358
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3569
Comment 1 Marcus Meissner 2021-05-31 12:17:52 UTC
We ship 0.8.2 already.