CVE-2021-3565

MEDIUM

tpm2-tools <5.1.1-4.3.2 - Info Disclosure

Title source: llm

Description

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1964427

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/

Scores

CVSS v3 5.9

EPSS 0.0039

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-665 CWE-798

Status published

Products (4)

fedoraproject/fedora 33

fedoraproject/fedora 34

redhat/enterprise_linux 8.0

tpm2-tools_project/tpm2-tools < 4.3.2

Published Jun 04, 2021

Tracked Since Feb 18, 2026