CVE-2021-3505 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-3505 Interim 1 14 2023-05-22T23:55:43Z current 2021-05-30T14:46:53Z 2023-05-22T23:55:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-3505 A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed libtpms-devel-0.8.2-1.1 libtpms-devel-0.8.2-3.3.1 libtpms-devel-0.8.4-2.2 libtpms0-0.8.2-1.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-0.8.2-3.3.1 libtpms0-0.8.4-2.2 libtpms0-0.8.2-1.1 as a component of SUSE Linux Enterprise Micro 5.1 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Micro 5.2 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Micro 5.3 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.4 libtpms-devel-0.8.2-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms0-0.8.2-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms-devel-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms0-0.8.2-1.1 as a component of openSUSE Leap 15.3 libtpms0-0.8.2-3.3.1 as a component of openSUSE Leap 15.4 libtpms-devel-0.8.4-2.2 as a component of openSUSE Tumbleweed libtpms0-0.8.4-2.2 as a component of openSUSE Tumbleweed A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality. CVE-2021-3505 SUSE Linux Enterprise Micro 5.1:libtpms0-0.8.2-1.1 SUSE Linux Enterprise Micro 5.2:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.3:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.4:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms-devel-0.8.2-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms0-0.8.2-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms-devel-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms0-0.8.2-3.3.1 openSUSE Leap 15.3:libtpms0-0.8.2-1.1 openSUSE Leap 15.4:libtpms0-0.8.2-3.3.1 openSUSE Tumbleweed:libtpms-devel-0.8.4-2.2 openSUSE Tumbleweed:libtpms0-0.8.4-2.2 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N