jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1132d88d2
cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1079.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

143 lines
13 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for tpm2-tss is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1079</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-02-10</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-02-10</InitialReleaseDate>
<CurrentReleaseDate>2023-02-10</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-02-10</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">tpm2-tss security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for tpm2-tss is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers.
Security Fix(es):
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.(CVE-2023-22745)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for tpm2-tss is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">tpm2-tss</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1079</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-22745</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-22745</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-debugsource-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-debuginfo-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-devel-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-devel-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-debuginfo-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-debugsource-3.0.3-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-debuginfo-3.1.0-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-debugsource-3.1.0-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-3.1.0-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-devel-3.1.0-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-devel-3.1.0-3.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-debuginfo-3.1.0-3.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-debugsource-3.1.0-3.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-3.1.0-3.oe2203sp1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="tpm2-tss-help-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-help-3.0.3-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-help-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-help-3.0.3-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-help-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-help-3.1.0-3.oe2203.noarch.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-help-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-help-3.1.0-3.oe2203sp1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-3.0.3-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-3.0.3-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-3.1.0-3.oe2203.src.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-3.1.0-3.oe2203sp1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="tpm2-tss-devel-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-devel-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-debugsource-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-debuginfo-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">tpm2-tss-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-devel-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-debuginfo-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.0.3-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">tpm2-tss-debugsource-3.0.3-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-debuginfo-3.1.0-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-devel-3.1.0-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-debugsource-3.1.0-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">tpm2-tss-3.1.0-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debuginfo-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-debuginfo-3.1.0-3.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-debugsource-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-debugsource-3.1.0-3.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-devel-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-devel-3.1.0-3.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="tpm2-tss-3.1.0-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">tpm2-tss-3.1.0-3.oe2203sp1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.</Note>
</Notes>
<ReleaseDate>2023-02-10</ReleaseDate>
<CVE>CVE-2023-22745</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.4</BaseScore>
<Vector>AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>tpm2-tss security update</Description>
<DATE>2023-02-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1079</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink