From https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19: This fix addresses Coverity issue CID 375869. Check the header size indicated in the header of the state against the expected size and return an error code in case the header size indicator is different. There was only one header size so far since blobheader was introduced, so we don't need to deal with different sizes. Without this fix a specially craft header could have cause out-of-bounds accesses on the byte array containing the swtpm's state. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Changelog: version 0.7.1: swtpm: Check header size indicator against expected size (CVE-2022-23645) swtpm_localca: Test for available issuercert before creating CA
Thanks for reporting!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2054e6abb31b24bbbeb272cd36337f50b10130e commit d2054e6abb31b24bbbeb272cd36337f50b10130e Author: Christopher Byrne <salah.coronya@gmail.com> AuthorDate: 2022-02-19 02:48:43 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-19 05:12:52 +0000 app-crypt/swtpm: Remove old vulnerable versions Bug: https://bugs.gentoo.org/833635 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/24265 Signed-off-by: Sam James <sam@gentoo.org> app-crypt/swtpm/Manifest | 2 -- app-crypt/swtpm/swtpm-0.6.1.ebuild | 70 -------------------------------------- app-crypt/swtpm/swtpm-0.7.0.ebuild | 70 -------------------------------------- 3 files changed, 142 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5605c2f8a4c2150f0f7caa679fc615c5f9731a5a commit 5605c2f8a4c2150f0f7caa679fc615c5f9731a5a Author: Christopher Byrne <salah.coronya@gmail.com> AuthorDate: 2022-02-19 02:47:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-19 05:12:51 +0000 app-crypt/swtpm: Bump to fix CVE-2022-23645 Bug: https://bugs.gentoo.org/833635 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> app-crypt/swtpm/Manifest | 1 + app-crypt/swtpm/swtpm-0.7.1.ebuild | 70 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+)