vulnerability
Ubuntu: (CVE-2021-3565): tpm2-tools vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jun 4, 2021 | Jun 26, 2025 | Aug 18, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jun 4, 2021
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Solution
no-fix-ubuntu-package
References
- CVE-2021-3565
- https://attackerkb.com/topics/CVE-2021-3565
- CWE-665
- CWE-798
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1964427
- URL-https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
- URL-https://github.com/tpm2-software/tpm2-tools/issues/2738
- URL-https://www.cve.org/CVERecord?id=CVE-2021-3565
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.