A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950046 | Issue Tracking Patch Third Party Advisory |
https://github.com/stefanberger/libtpms/issues/183 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ |
Configurations
History
03 Jun 2021, 16:19
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
Information
Published : 2021-04-19 21:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-3505
Mitre link : CVE-2021-3505
CVE.ORG link : CVE-2021-3505
JSON object : View
Products Affected
redhat
- enterprise_linux
libtpms_project
- libtpms
fedoraproject
- fedora
CWE
CWE-331
Insufficient Entropy