UBUNTU-CVE-2025-49133

Source
https://ubuntu.com/security/CVE-2025-49133
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49133.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-49133
Upstream
Downstream
Related
Published
2025-06-10T20:15:00Z
Modified
2025-07-16T05:26:27Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.

References

Affected packages

Ubuntu:22.04:LTS / libtpms

Package

Name
libtpms
Purl
pkg:deb/ubuntu/libtpms@0.9.3-0ubuntu1.22.04.2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.3-0ubuntu1.22.04.2

Affected versions

0.*

0.8.2-1ubuntu1
0.9.0-0ubuntu1
0.9.0-0ubuntu2
0.9.0-0ubuntu3
0.9.0-0ubuntu4
0.9.3-0ubuntu1
0.9.3-0ubuntu1.22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libtpms-dev",
            "binary_version": "0.9.3-0ubuntu1.22.04.2"
        },
        {
            "binary_name": "libtpms0",
            "binary_version": "0.9.3-0ubuntu1.22.04.2"
        },
        {
            "binary_name": "libtpms0-dbgsym",
            "binary_version": "0.9.3-0ubuntu1.22.04.2"
        }
    ]
}

Ubuntu:24.04:LTS / libtpms

Package

Name
libtpms
Purl
pkg:deb/ubuntu/libtpms@0.9.3-0ubuntu4.24.04.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.3-0ubuntu4.24.04.1

Affected versions

0.*

0.9.3-0ubuntu2
0.9.3-0ubuntu3
0.9.3-0ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libtpms-dev",
            "binary_version": "0.9.3-0ubuntu4.24.04.1"
        },
        {
            "binary_name": "libtpms0",
            "binary_version": "0.9.3-0ubuntu4.24.04.1"
        },
        {
            "binary_name": "libtpms0-dbgsym",
            "binary_version": "0.9.3-0ubuntu4.24.04.1"
        }
    ]
}

Ubuntu:25.04 / libtpms

Package

Name
libtpms
Purl
pkg:deb/ubuntu/libtpms@0.9.3-0ubuntu4.25.04.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.3-0ubuntu4.25.04.1

Affected versions

0.*

0.9.3-0ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libtpms-dev",
            "binary_version": "0.9.3-0ubuntu4.25.04.1"
        },
        {
            "binary_name": "libtpms0",
            "binary_version": "0.9.3-0ubuntu4.25.04.1"
        },
        {
            "binary_name": "libtpms0-dbgsym",
            "binary_version": "0.9.3-0ubuntu4.25.04.1"
        }
    ]
}