Arch Linux: Man-in-the-middle (CVE-2021-3565)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jun 4, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Description
A security issue was found in tpm2-tools before version 5.1.1. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a man-in-the-middle (MITM) attacker to unwrap the inner portion and reveal the key being imported.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-3565
- https://attackerkb.com/topics/CVE-2021-3565
- https://bugzilla.redhat.com/show_bug.cgi?id=1964427
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/
- https://security.archlinux.org/ASA-202106-55
- CWE-665
- CWE-798