Buffer Overlow in TSS2_RC_Decode in tpm2-tss — CVE-2023-22745

Summary

Advisory CVE-2023-22745. Buffer Overlow in TSS2_RC_Decode in tpm2-tss Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 6.4. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on CVE-2022-4543
• A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. CVE-2022-41861
• A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. CVE-2023-0394
• A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denia CVE-2023-0469
• A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may caus CVE-2023-0468
• An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is CVE-2022-4285
• An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names a CVE-2018-14628
• Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436
• Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions CVE-2022-25147
• atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes CVE-2023-23455
• BitLocker Security Feature Bypass Vulnerability CVE-2023-21563
• cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negativ CVE-2023-23454