ALT-PU-2020-3052-1
Closed vulnerabilities
Published: 2021-02-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-24455
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Severity: MEDIUM (6.7)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1902167
- https://bugzilla.redhat.com/show_bug.cgi?id=1902167
- https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
- https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
- https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1
- https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1
- FEDORA-2021-fa78f3ca9f
- FEDORA-2021-fa78f3ca9f
- GLSA-202107-10
- GLSA-202107-10