Bug 1186490 (CVE-2021-3565) - VUL-0: CVE-2021-3565: tpm2.0-tools: during tpm2_import command invocation a fixed AES wrapping key is used
Summary: VUL-0: CVE-2021-3565: tpm2.0-tools: during tpm2_import command invocation a f...
Status: RESOLVED FIXED
Alias: CVE-2021-3565
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/300693/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3565:4.4:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-27 09:29 UTC by Marcus Meissner
Modified: 2024-05-23 15:35 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2021-05-27 09:29:08 UTC 
During tpm2_import command invocation a fixed AES wrapping key is used. This presents a weakness in that, when no encrypted session with the TPM is used, the encrypted inner wrapper key is known and thus an entity performing an MITM on the TPM would be able to unwrap the inner portion and reveal the key being imported.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1964427
Comment 1 Matthias Gerstner 2021-05-28 09:45:51 UTC 
Upstream issue and fixing commit are found here:

https://github.com/tpm2-software/tpm2-tools/issues/2738
Comment 2 OBSbugzilla Bot 2021-05-28 11:10:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1186490) was mentioned in
https://build.opensuse.org/request/show/895955 Factory / tpm2.0-tools
Comment 3 Matthias Gerstner 2021-05-28 11:15:05 UTC 
I submitted fixes for Factory and SLE-15 codestreams.

SLE-12 codestreams are not affected. It's a bit complicated for SLE-12-SP5,
because the tpm2_import tool was added at a time to the 3.X release series,
but was removed later on again, because it was not compatible with older tss
libraries. Long story short: not contained in our SLE-12 codestreams.
Comment 4 Matthias Gerstner 2021-05-28 11:15:46 UTC 
Reassigning to security team for tracking.
Comment 6 Swamp Workflow Management 2021-06-17 19:22:14 UTC 
SUSE-SU-2021:1999-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1186490
CVE References: CVE-2021-3565
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    tpm2.0-tools-4.1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-06-17 19:29:18 UTC 
SUSE-SU-2021:1998-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1186490
CVE References: CVE-2021-3565
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    tpm2.0-tools-4.3.0-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-06-27 22:17:25 UTC 
openSUSE-SU-2021:0934-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1186490
CVE References: CVE-2021-3565
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    tpm2.0-tools-4.1-lp152.2.3.1
Comment 9 Swamp Workflow Management 2021-07-11 14:25:46 UTC 
openSUSE-SU-2021:1998-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1186490
CVE References: CVE-2021-3565
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    tpm2.0-tools-4.3.0-4.3.1
Comment 11 Andrea Mattiazzo 2024-05-23 15:35:47 UTC 
All done, closing.