tpm2-tools: fix CVE-2021-3565 - linux/meta-secure-core.git - Mirror of github.com/jiazhang0/meta-secure-core.git

diff options

author	Yi Zhao <yi.zhao@windriver.com>	2021-07-07 11:23:38 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2021-07-07 14:26:45 +0800
commit	0e8603b1eab73e94880075b406f609d1be0ce41c (patch)
tree	f194bf18ab8c12d3442973ccf4c9407cabc585a3 /meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
parent	ba04fbba711217e2a7c10270fe932146564f6229 (diff)
download	meta-secure-core-0e8603b1eab73e94880075b406f609d1be0ce41c.tar.gz

tpm2-tools: fix CVE-2021-3565

CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3565 Patch from: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>

Diffstat (limited to 'meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: