A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950046 | Issue Tracking Patch Third Party Advisory |
https://github.com/stefanberger/libtpms/issues/183 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ | |
https://bugzilla.redhat.com/show_bug.cgi?id=1950046 | Issue Tracking Patch Third Party Advisory |
https://github.com/stefanberger/libtpms/issues/183 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ |
Configurations
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1950046 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/stefanberger/libtpms/issues/183 - Exploit, Patch, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ - |
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-04-19 21:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3505
Mitre link : CVE-2021-3505
CVE.ORG link : CVE-2021-3505
JSON object : View
Products Affected
libtpms_project
- libtpms
fedoraproject
- fedora
redhat
- enterprise_linux
CWE
CWE-331
Insufficient Entropy