[Bug 2009608] Re: Check size of TPM2B_NAME buffer before reading
Rodrigo Figueiredo Zaiden
2009608 at bugs.launchpad.net
Tue Mar 7 21:48:37 UTC 2023
libtpms (0.9.3-0ubuntu1.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read/write
    - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
      properly reduce bufferSize variable by the number of bytes that make
      up the cipherSize in CryptParameterDecryption() in
      src/tpm2/CryptUtil.c
    - CVE-2023-1017
    - CVE-2023-1018
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
      size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
    - No CVE number

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>  Wed, 01 Mar 2023 19:45:47 -0300

** Changed in: libtpms (Ubuntu Jammy)
Status: In Progress => Fix Released
https://bugs.launchpad.net/bugs/2009608
Title:
  Check size of TPM2B_NAME buffer before reading
Status in libtpms package in Ubuntu:
  Fix Released
Status in libtpms source package in Jammy:
  Fix Released
Status in libtpms source package in Kinetic:
  Fix Released
Status in libtpms source package in Lunar:
  Fix Released
Bug description:
There is a security issue with no CVE assigned in libtpms:
tpm2: Check size of TPM2B_NAME buffer before reading 2 bytes from it
Fix the missing buffer size check that the TPM 2 errata v1.4 mentions in
2.6.2 by adding a buffer size check before reading 2 bytes from a
TPM2B_NAME buffer. There's no known CVE for this.
The upstream commit is:
https://github.com/stefanberger/libtpms/commit/92f470c1b0a50bd6d85676a7c7ae368d8da869fe
It should be included in the Ubuntu libtpms package.
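The kind of check the bug description refers to, as an added example that is not code from libtpms or from the upstream commit: a simplified size-prefixed name is unmarshalled from wire bytes, and its leading 2-byte algorithm identifier is read only after the size is confirmed to be at least 2. The struct, its capacity, the function names and the return codes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_BYTES 68          /* assumed capacity, chosen for this example */
typedef struct {                   /* simplified stand-in for a TPM2B_NAME */
    uint16_t size;                 /* count of valid bytes in name[] */
    uint8_t  name[NAME_MAX_BYTES];
} name2b_t;
enum { RC_OK = 0, RC_INSUFFICIENT = 1, RC_SIZE = 2 };  /* hypothetical codes */

/* Unmarshal a size-prefixed name from wire bytes (big-endian 16-bit size). */
int name_unmarshal(name2b_t *out, const uint8_t *buf, size_t len)
{
    if (len < 2)
        return RC_INSUFFICIENT;    /* cannot even read the size field */
    uint16_t size = (uint16_t)((buf[0] << 8) | buf[1]);
    if (size > sizeof(out->name))
        return RC_SIZE;            /* would overflow the destination */
    if (size > len - 2)
        return RC_INSUFFICIENT;    /* size claims more bytes than were sent */
    memset(out, 0, sizeof(*out));
    out->size = size;
    memcpy(out->name, buf + 2, size);
    return RC_OK;
}

/* Read the 2-byte algorithm identifier that leads a name. */
int name_get_alg(const name2b_t *n, uint16_t *alg)
{
    if (n->size < 2)               /* size check before reading 2 bytes */
        return RC_SIZE;
    *alg = (uint16_t)((n->name[0] << 8) | n->name[1]);
    return RC_OK;
}

int main(void)
{
    /* Constructed input: a well-formed but empty name (size field = 0). */
    const uint8_t empty[] = { 0x00, 0x00 };
    name2b_t n;
    uint16_t alg = 0;
    if (name_unmarshal(&n, empty, sizeof(empty)) != RC_OK)
        return 1;
    return name_get_alg(&n, &alg) == RC_SIZE ? 0 : 1;
}
```

An empty or 1-byte name passes unmarshalling because its size field is consistent with the input, so the consumer that interprets the first two bytes is the place that has to reject it.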