Advisories ยป MGASA-2023-0050

Updated tpm2-tss packages fix security vulnerability

Publication date: 14 Feb 2023
Modification date: 14 Feb 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-22745

Description

Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with
an 8 bit layer number, but the array only has
TPM2_ERROR_TSS2_RC_LAYER_COUNT entries, so trying to add a handler for
higher-numbered layers or decode a response code with such a layer number
reads/writes past the end of the buffer. (CVE-2023-22745)
                

References

SRPMS

8/core