A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 33 | |
fedora | eq | 34 | |
enterprise_linux | eq | 8.0 | |
tpm2-tools | ge | 5.1 | |
tpm2-tools | lt | 5.1.1 | |
tpm2-tools | lt | 4.3.2 |