CVE-2021-3623 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-3623 Interim 1 45 2026-03-05T05:32:14Z current 2021-06-29T00:56:05Z 2026-03-05T05:32:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-3623 A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2022-December/013225.html E-Mail link for SUSE-SU-2022:4457-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sles/15.5/virt-launcher:0.58.0.20.46 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 openSUSE Tumbleweed libtpms-devel-0.8.2-150300.3.6.1 libtpms-devel-0.9.3-2.1 libtpms-devel-0.9.6-150600.1.2 libtpms0-0.10.0-160000.4.2 libtpms0-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.9.1 libtpms0-0.9.3-2.1 libtpms0-0.9.6-1.13 libtpms0-0.9.6-150600.1.2 libtpms0-0.9.6-slfo.1.1_1.3 libtpms0-0.8.2-150300.3.6.1 as a component of Container suse/sles/15.5/virt-launcher:0.58.0.20.46 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.1 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.2 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.3 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.4 libtpms0-0.8.2-150300.3.9.1 as a component of SUSE Linux Enterprise Micro 5.5 libtpms-devel-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms-devel-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms-devel-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 libtpms-devel-0.9.6-150600.1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libtpms0-0.9.6-150600.1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libtpms-devel-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA libtpms0-0.10.0-160000.4.2 as a component of SUSE Linux Enterprise Server 16.0 libtpms0-0.9.6-1.13 as a component of SUSE Linux Micro 6.0 libtpms0-0.9.6-slfo.1.1_1.3 as a component of SUSE Linux Micro 6.1 libtpms-devel-0.8.2-150300.3.6.1 as a component of openSUSE Leap 15.3 libtpms0-0.8.2-150300.3.6.1 as a component of openSUSE Leap 15.3 libtpms-devel-0.8.2-150300.3.6.1 as a component of openSUSE Leap 15.4 libtpms0-0.8.2-150300.3.6.1 as a component of openSUSE Leap 15.4 libtpms0-0.8.2-150300.3.6.1 as a component of openSUSE Leap Micro 5.2 libtpms0-0.8.2-150300.3.6.1 as a component of openSUSE Leap Micro 5.3 libtpms-devel-0.9.3-2.1 as a component of openSUSE Tumbleweed libtpms0-0.9.3-2.1 as a component of openSUSE Tumbleweed A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. CVE-2021-3623 Container suse/sles/15.5/virt-launcher:0.58.0.20.46:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.1:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.2:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.3:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.4:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.5:libtpms0-0.8.2-150300.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms-devel-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms-devel-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:libtpms-devel-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libtpms-devel-0.9.6-150600.1.2 SUSE Linux Enterprise Module for Server Applications 15 SP7:libtpms0-0.9.6-150600.1.2 SUSE Linux Enterprise Server 15 SP4-TERADATA:libtpms-devel-0.8.2-150300.3.6.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Server 16.0:libtpms0-0.10.0-160000.4.2 SUSE Linux Micro 6.0:libtpms0-0.9.6-1.13 SUSE Linux Micro 6.1:libtpms0-0.9.6-slfo.1.1_1.3 openSUSE Leap 15.3:libtpms-devel-0.8.2-150300.3.6.1 openSUSE Leap 15.3:libtpms0-0.8.2-150300.3.6.1 openSUSE Leap 15.4:libtpms-devel-0.8.2-150300.3.6.1 openSUSE Leap 15.4:libtpms0-0.8.2-150300.3.6.1 openSUSE Leap Micro 5.2:libtpms0-0.8.2-150300.3.6.1 openSUSE Leap Micro 5.3:libtpms0-0.8.2-150300.3.6.1 openSUSE Tumbleweed:libtpms-devel-0.9.3-2.1 openSUSE Tumbleweed:libtpms0-0.9.3-2.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H