Lucene search
Redhat.comRH:CVE-2021-3505HistoryApr 16, 2021 - 2:01 p.m.
CVE-2021-3505
2021-04-1614:01:24
redhat.com
access.redhat.com
7
libtpms
key generation
tpm 2
bug
data confidentiality
tcg
vulnerability
EPSS
0.001
Percentile
21.7%
A flaw was found in libtpms. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
Mitigation
There is no mitigation for this issue. Upgrading to a fixed release (0.8.0+) is necessary but not sufficient. The only way to fix it is to unseal all data, delete the old TPM state file, generate a new one with the fixed key generation algorithm, then reseal the data.
Related
cvelist
cvelist
CVE-2021-3505
2021-04-19 20:22:05
nvd
nvd
CVE-2021-3505
2021-04-19 21:15:13
debiancve
debiancve
CVE-2021-3505
2021-04-19 21:15:13
prion
prion
Design/Logic Flaw
2021-04-19 21:15:00
osv
osv
CVE-2021-3505
2021-04-19 21:15:13
ibm
ibm
cve
cve
CVE-2021-3505
2021-04-19 21:15:13
ubuntucve
ubuntucve
CVE-2021-3505
2021-04-19 00:00:00
openvas
openvas
Fedora: Security Advisory for libtpms (FEDORA-2021-cfdc434610)
2021-05-05 00:00:00
Mageia: Security Advisory (MGASA-2021-0590)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: libtpms-0.8.2-0.20210426git729fc6a4ca.fc33
2021-05-05 00:54:10
nessus
nessus
RHEL 8 : av_libtpms (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : libtpms (Unpatched Vulnerability)
2024-05-11 00:00:00
mageia
mageia
Updated libtpms/swtpm packages fix security vulnerability
2021-12-30 19:41:51