CVE-2021-3565
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
| Software | From | Fixed in |
|---|---|---|
| tpm2-tools_project / tpm2-tools | 5.1 | 5.1.1 |
| tpm2-tools_project / tpm2-tools | - | 4.3.2 |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| fedoraproject / fedora | 33 | 33.x |
| fedoraproject / fedora | 34 | 34.x |
- https://bugzilla.redhat.com/show_bug.cgi?id=1964427
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime