Impact
A specially crafted header in swtpm's state, in which the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting, since the state cannot be understood.
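The kind of check this bug class calls for, shown as an added example that is not swtpm's code or the referenced patch: the parser validates hdrsize against the minimum header size and the buffer length before using it as an offset into the state bytes. The 10-byte header layout, the function names and the sample blobs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 10-byte header layout, assumed for this example only:
 * version(1) min_version(1) hdrsize(2, BE) flags(2, BE) totlen(4, BE) */
#define HDR_MIN 10u

/* On success returns 0 and sets payload and payload_len; returns -1 if the
 * header is invalid. Nothing is read or pointed to beyond blob + len. */
int locate_payload(const uint8_t *blob, size_t len,
                   const uint8_t **payload, size_t *payload_len)
{
    if (blob == NULL || len < HDR_MIN)
        return -1;                  /* too short to hold a header at all */
    size_t hdrsize = ((size_t)blob[2] << 8) | blob[3];
    if (hdrsize < HDR_MIN)
        return -1;                  /* payload would overlap header fields */
    if (hdrsize > len)
        return -1;                  /* payload would start out of bounds */
    *payload = blob + hdrsize;
    *payload_len = len - hdrsize;   /* cannot underflow: hdrsize <= len */
    return 0;
}

/* Convenience wrapper: payload length, or -1 when the header is rejected. */
long payload_size(const uint8_t *blob, size_t len)
{
    const uint8_t *p; size_t n;
    return locate_payload(blob, len, &p, &n) == 0 ? (long)n : -1;
}

/* Constructed sample blobs (not real swtpm state). */
static const uint8_t good_blob[] = { 2, 1, 0x00, 0x0a, 0, 0, 0, 0, 0, 14, 'T', 'P', 'M', '!' };
static const uint8_t huge_hdr[]  = { 2, 1, 0xff, 0xff, 0, 0, 0, 0, 0, 14, 'T', 'P', 'M', '!' };
static const uint8_t tiny_hdr[]  = { 2, 1, 0x00, 0x02, 0, 0, 0, 0, 0, 14, 'T', 'P', 'M', '!' };

int main(void)
{
    printf("good: %ld\n", payload_size(good_blob, sizeof good_blob));
    printf("huge: %ld\n", payload_size(huge_hdr, sizeof huge_hdr));
    printf("tiny: %ld\n", payload_size(tiny_hdr, sizeof tiny_hdr));
    return 0;
}
```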
Patches
Users should upgrade to swtpm v0.5.3, v0.6.2 or v0.7.1.
Workarounds
There are no known workarounds.
References
The following patch fixes the issue: 9f74086
For more information
If you have any questions or comments about this advisory: