[Bug 2009608] [NEW] Check size of TPM2B_NAME buffer before reading
Rodrigo Figueiredo Zaiden
2009608 at bugs.launchpad.net
Tue Mar 7 15:01:37 UTC 2023
Public bug reported:
There is a security issue with no CVE assigned in libtpms:
tpm2: Check size of TPM2B_NAME buffer before reading 2 bytes from it
Fix the missing buffer size check that the TPM 2 errata v1.4 mentions in
2.6.2 by adding a buffer size check before reading 2 bytes from a
TPM2B_NAME buffer. There's no known CVE for this.
Upstream commit is:
https://github.com/stefanberger/libtpms/commit/92f470c1b0a50bd6d85676a7c7ae368d8da869fe
It should be included in the Ubuntu libtpms package.
** Affects: libtpms (Ubuntu)
Importance: Undecided
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: Fix Released
** Affects: libtpms (Ubuntu Jammy)
Importance: Undecided
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: In Progress
** Affects: libtpms (Ubuntu Kinetic)
Importance: Undecided
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: In Progress
** Affects: libtpms (Ubuntu Lunar)
Importance: Undecided
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: Fix Released
** Also affects: libtpms (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: libtpms (Ubuntu Lunar)
Importance: Undecided
Assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Status: In Progress
** Also affects: libtpms (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Changed in: libtpms (Ubuntu Lunar)
Status: In Progress => Fix Released
** Changed in: libtpms (Ubuntu Kinetic)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
** Changed in: libtpms (Ubuntu Jammy)
Assignee: (unassigned) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
** Changed in: libtpms (Ubuntu Jammy)
Status: New => In Progress
** Changed in: libtpms (Ubuntu Kinetic)
Status: New => In Progress
https://bugs.launchpad.net/bugs/2009608
Title:
Check size of TPM2B_NAME buffer before reading
Status in libtpms package in Ubuntu:
Fix Released
Status in libtpms source package in Jammy:
In Progress
Status in libtpms source package in Kinetic:
In Progress
Status in libtpms source package in Lunar:
Fix Released
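The kind of check this bug describes, as an added C example that is not libtpms code and not part of the original report. The struct is a simplified stand-in for TPM2B_NAME, and the function names, buffer capacity and return codes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for TPM2B_NAME: a 16-bit size, then the name bytes.
 * NAME_BUF_BYTES and the RC_* codes are assumptions, not libtpms values. */
#define NAME_BUF_BYTES 66
#define RC_OK    0
#define RC_VALUE 1
typedef struct {
    uint16_t size;                   /* count of valid bytes in name[] */
    uint8_t  name[NAME_BUF_BYTES];
} name2b_t;

/* Before: assumes two valid bytes. With size 0 or 1 it returns bytes the
 * sender never supplied (whatever was left in the buffer). */
static uint16_t name_alg_unchecked(const name2b_t *n)
{
    return (uint16_t)((n->name[0] << 8) | n->name[1]);
}

/* After: refuse names too short for the 2-byte big-endian algorithm id,
 * or whose size exceeds the buffer, before reading anything. */
static int name_alg_checked(const name2b_t *n, uint16_t *alg_out)
{
    if (n->size < 2 || n->size > sizeof(n->name))
        return RC_VALUE;
    *alg_out = (uint16_t)((n->name[0] << 8) | n->name[1]);
    return RC_OK;
}

/* Constructed input: stale bytes 0x00 0x0B (the SHA-256 algorithm id) sit in
 * the buffer, but the declared size is only 1. */
static name2b_t make_short_name(void)
{
    name2b_t n;
    memset(&n, 0, sizeof n);
    n.name[1] = 0x0B;
    n.size = 1;
    return n;
}

int main(void)
{
    name2b_t n = make_short_name();
    uint16_t alg = 0;
    printf("unchecked=0x%04x checked_rc=%d\n",
           (unsigned)name_alg_unchecked(&n), name_alg_checked(&n, &alg));
    return 0;
}
```

The unchecked reader reports a plausible algorithm id from a one-byte name, while the checked reader rejects it and leaves the output untouched.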