vulnerability
CentOS Linux: CVE-2022-23645: Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Feb 18, 2022 | Nov 9, 2022 | May 25, 2023 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 18, 2022
Added
Nov 9, 2022
Modified
May 25, 2023
Description
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
Solutions
centos-upgrade-hivexcentos-upgrade-hivex-debuginfocentos-upgrade-hivex-debugsourcecentos-upgrade-hivex-develcentos-upgrade-libguestfscentos-upgrade-libguestfs-appliancecentos-upgrade-libguestfs-bash-completioncentos-upgrade-libguestfs-debuginfocentos-upgrade-libguestfs-debugsourcecentos-upgrade-libguestfs-develcentos-upgrade-libguestfs-gfs2centos-upgrade-libguestfs-gobjectcentos-upgrade-libguestfs-gobject-debuginfocentos-upgrade-libguestfs-gobject-develcentos-upgrade-libguestfs-inspect-iconscentos-upgrade-libguestfs-javacentos-upgrade-libguestfs-java-debuginfocentos-upgrade-libguestfs-java-develcentos-upgrade-libguestfs-javadoccentos-upgrade-libguestfs-man-pages-jacentos-upgrade-libguestfs-man-pages-ukcentos-upgrade-libguestfs-rescuecentos-upgrade-libguestfs-rsynccentos-upgrade-libguestfs-toolscentos-upgrade-libguestfs-tools-ccentos-upgrade-libguestfs-tools-c-debuginfocentos-upgrade-libguestfs-winsupportcentos-upgrade-libguestfs-xfscentos-upgrade-libiscsicentos-upgrade-libiscsi-debuginfocentos-upgrade-libiscsi-debugsourcecentos-upgrade-libiscsi-develcentos-upgrade-libiscsi-utilscentos-upgrade-libiscsi-utils-debuginfocentos-upgrade-libnbdcentos-upgrade-libnbd-bash-completioncentos-upgrade-libnbd-debuginfocentos-upgrade-libnbd-debugsourcecentos-upgrade-libnbd-develcentos-upgrade-libtpmscentos-upgrade-libtpms-debuginfocentos-upgrade-libtpms-debugsourcecentos-upgrade-libtpms-develcentos-upgrade-libvirtcentos-upgrade-libvirt-clientcentos-upgrade-libvirt-client-debuginfocentos-upgrade-libvirt-daemoncentos-upgrade-libvirt-daemon-config-networkcentos-upgrade-libvirt-daemon-config-nwfiltercentos-upgrade-libvirt-daemon-debuginfocentos-upgrade-libvirt-daemon-driver-interfacecentos-upgrade-libvirt-daemon-driver-interface-debuginfocentos-upgrade-libvirt-daemon-driver-networkcentos-upgrade-libvirt-daemon-driver-network-debuginfocentos-upgrade-libvirt-daemon-driver-nodedevcentos-upgrade-libvirt-daemon-driver-nodedev-debuginfocentos-upgrade-libvirt-daemon-driver-nwfiltercentos-upgrade-libvirt-daemon-driver-nwfilter-debuginfocentos-upgrade-libvirt-daemon-driver-qemucentos-upgrade-libvirt-daemon-driver-qemu-debuginfocentos-upgrade-libvirt-daemon-driver-secretcentos-upgrade-libvirt-daemon-driver-secret-debuginfocentos-upgrade-libvirt-daemon-driver-storagecentos-upgrade-libvirt-daemon-driver-storage-corecentos-upgrade-libvirt-daemon-driver-storage-core-debuginfocentos-upgrade-libvirt-daemon-driver-storage-diskcentos-upgrade-libvirt-daemon-driver-storage-disk-debuginfocentos-upgrade-libvirt-daemon-driver-storage-glustercentos-upgrade-libvirt-daemon-driver-storage-gluster-debuginfocentos-upgrade-libvirt-daemon-driver-storage-iscsicentos-upgrade-libvirt-daemon-driver-storage-iscsi-debuginfocentos-upgrade-libvirt-daemon-driver-storage-iscsi-directcentos-upgrade-libvirt-daemon-driver-storage-iscsi-direct-debuginfocentos-upgrade-libvirt-daemon-driver-storage-logicalcentos-upgrade-libvirt-daemon-driver-storage-logical-debuginfocentos-upgrade-libvirt-daemon-driver-storage-mpathcentos-upgrade-libvirt-daemon-driver-storage-mpath-debuginfocentos-upgrade-libvirt-daemon-driver-storage-rbdcentos-upgrade-libvirt-daemon-driver-storage-rbd-debuginfocentos-upgrade-libvirt-daemon-driver-storage-scsicentos-upgrade-libvirt-daemon-driver-storage-scsi-debuginfocentos-upgrade-libvirt-daemon-kvmcentos-upgrade-libvirt-dbuscentos-upgrade-libvirt-dbus-debuginfocentos-upgrade-libvirt-dbus-debugsourcecentos-upgrade-libvirt-debuginfocentos-upgrade-libvirt-debugsourcecentos-upgrade-libvirt-develcentos-upgrade-libvirt-docscentos-upgrade-libvirt-libscentos-upgrade-libvirt-libs-debuginfocentos-upgrade-libvirt-lock-sanlockcentos-upgrade-libvirt-lock-sanlock-debuginfocentos-upgrade-libvirt-nsscentos-upgrade-libvirt-nss-debuginfocentos-upgrade-libvirt-python-debugsourcecentos-upgrade-libvirt-wiresharkcentos-upgrade-libvirt-wireshark-debuginfocentos-upgrade-lua-guestfscentos-upgrade-lua-guestfs-debuginfocentos-upgrade-nbdfusecentos-upgrade-nbdfuse-debuginfocentos-upgrade-nbdkitcentos-upgrade-nbdkit-bash-completioncentos-upgrade-nbdkit-basic-filterscentos-upgrade-nbdkit-basic-filters-debuginfocentos-upgrade-nbdkit-basic-pluginscentos-upgrade-nbdkit-basic-plugins-debuginfocentos-upgrade-nbdkit-curl-plugincentos-upgrade-nbdkit-curl-plugin-debuginfocentos-upgrade-nbdkit-debuginfocentos-upgrade-nbdkit-debugsourcecentos-upgrade-nbdkit-develcentos-upgrade-nbdkit-example-pluginscentos-upgrade-nbdkit-example-plugins-debuginfocentos-upgrade-nbdkit-gzip-filtercentos-upgrade-nbdkit-gzip-filter-debuginfocentos-upgrade-nbdkit-gzip-plugincentos-upgrade-nbdkit-gzip-plugin-debuginfocentos-upgrade-nbdkit-linuxdisk-plugincentos-upgrade-nbdkit-linuxdisk-plugin-debuginfocentos-upgrade-nbdkit-nbd-plugincentos-upgrade-nbdkit-nbd-plugin-debuginfocentos-upgrade-nbdkit-python-plugincentos-upgrade-nbdkit-python-plugin-debuginfocentos-upgrade-nbdkit-servercentos-upgrade-nbdkit-server-debuginfocentos-upgrade-nbdkit-ssh-plugincentos-upgrade-nbdkit-ssh-plugin-debuginfocentos-upgrade-nbdkit-tar-filtercentos-upgrade-nbdkit-tar-filter-debuginfocentos-upgrade-nbdkit-tar-plugincentos-upgrade-nbdkit-tar-plugin-debuginfocentos-upgrade-nbdkit-tmpdisk-plugincentos-upgrade-nbdkit-tmpdisk-plugin-debuginfocentos-upgrade-nbdkit-vddk-plugincentos-upgrade-nbdkit-vddk-plugin-debuginfocentos-upgrade-nbdkit-xz-filtercentos-upgrade-nbdkit-xz-filter-debuginfocentos-upgrade-netcfcentos-upgrade-netcf-debuginfocentos-upgrade-netcf-debugsourcecentos-upgrade-netcf-develcentos-upgrade-netcf-libscentos-upgrade-netcf-libs-debuginfocentos-upgrade-perl-hivexcentos-upgrade-perl-hivex-debuginfocentos-upgrade-perl-sys-guestfscentos-upgrade-perl-sys-guestfs-debuginfocentos-upgrade-perl-sys-virtcentos-upgrade-perl-sys-virt-debuginfocentos-upgrade-perl-sys-virt-debugsourcecentos-upgrade-python3-hivexcentos-upgrade-python3-hivex-debuginfocentos-upgrade-python3-libguestfscentos-upgrade-python3-libguestfs-debuginfocentos-upgrade-python3-libnbdcentos-upgrade-python3-libnbd-debuginfocentos-upgrade-python3-libvirtcentos-upgrade-python3-libvirt-debuginfocentos-upgrade-qemu-guest-agentcentos-upgrade-qemu-guest-agent-debuginfocentos-upgrade-qemu-imgcentos-upgrade-qemu-img-debuginfocentos-upgrade-qemu-kvmcentos-upgrade-qemu-kvm-block-curlcentos-upgrade-qemu-kvm-block-curl-debuginfocentos-upgrade-qemu-kvm-block-glustercentos-upgrade-qemu-kvm-block-gluster-debuginfocentos-upgrade-qemu-kvm-block-iscsicentos-upgrade-qemu-kvm-block-iscsi-debuginfocentos-upgrade-qemu-kvm-block-rbdcentos-upgrade-qemu-kvm-block-rbd-debuginfocentos-upgrade-qemu-kvm-block-sshcentos-upgrade-qemu-kvm-block-ssh-debuginfocentos-upgrade-qemu-kvm-commoncentos-upgrade-qemu-kvm-common-debuginfocentos-upgrade-qemu-kvm-corecentos-upgrade-qemu-kvm-core-debuginfocentos-upgrade-qemu-kvm-debuginfocentos-upgrade-qemu-kvm-debugsourcecentos-upgrade-qemu-kvm-docscentos-upgrade-qemu-kvm-hw-usbredircentos-upgrade-qemu-kvm-hw-usbredir-debuginfocentos-upgrade-qemu-kvm-ui-openglcentos-upgrade-qemu-kvm-ui-opengl-debuginfocentos-upgrade-qemu-kvm-ui-spicecentos-upgrade-qemu-kvm-ui-spice-debuginfocentos-upgrade-ruby-hivexcentos-upgrade-ruby-hivex-debuginfocentos-upgrade-ruby-libguestfscentos-upgrade-ruby-libguestfs-debuginfocentos-upgrade-seabioscentos-upgrade-seabios-bincentos-upgrade-seavgabios-bincentos-upgrade-sgabioscentos-upgrade-sgabios-bincentos-upgrade-supermincentos-upgrade-supermin-debuginfocentos-upgrade-supermin-debugsourcecentos-upgrade-supermin-develcentos-upgrade-swtpmcentos-upgrade-swtpm-debuginfocentos-upgrade-swtpm-debugsourcecentos-upgrade-swtpm-develcentos-upgrade-swtpm-libscentos-upgrade-swtpm-libs-debuginfocentos-upgrade-swtpm-toolscentos-upgrade-swtpm-tools-debuginfocentos-upgrade-swtpm-tools-pkcs11centos-upgrade-virt-dibcentos-upgrade-virt-dib-debuginfocentos-upgrade-virt-v2vcentos-upgrade-virt-v2v-bash-completioncentos-upgrade-virt-v2v-debuginfocentos-upgrade-virt-v2v-debugsourcecentos-upgrade-virt-v2v-man-pages-jacentos-upgrade-virt-v2v-man-pages-uk
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.