CVE-2022-23645

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2022-23645 MGASA-2022-0112 OPENSUSE-SU-2024:11870-1 RHSA-2022:7472 RHSA-2022:8100 SUSE-SU-2022:1297-1

Modified

Published: 18 Feb 2022, 20:50

Last modified:23 Apr 2025, 19:02

Vulnerability Summary

Overall Risk (default)

medium

25/100

CVSS Score

6.2 MEDIUM

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability -0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Feb 2022, 20:50

Published

Vulnerability first disclosed

23 Apr 2025, 19:02

Last Modified

Vulnerability information updated

Description

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

CVSS Metrics

v3.1•MEDIUM•Score: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

fedoraproject•fedora
35
redhat•enterprise_linux
8.0
stefanberger•swtpm
< 0.5.3 | ≥ 0.6.0, < 0.6.2 | = 0.7.0
swtpm_project•swtpm
< 0.5.3 | ≥ 0.6.0, < 0.6.2 | 0.7.0 | 0.7.0:rc1 | 0.7.0:rc2