CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
5.1%
A flaw was found in swtpm. This flaw allows an attacker to create a symbolic link with the name of the temporary file (TMP2-00.permall for TPM 2) and have this point to a valuable file, which will get overwritten by swtpm. The success of the attack depends on the attacker having access to the TPM’s state directory (–tpmstate dir). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.