CVE-2021-3746 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-3746 Interim 1 36 2026-03-05T05:31:02Z current 2021-08-31T00:52:12Z 2026-03-05T05:31:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-3746 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-September/009428.html E-Mail link for SUSE-SU-2021:3004-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009474.html E-Mail link for SUSE-SU-2021:3004-2 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75RD2O2OFCMWPCMY5QMSZRNV5PG5BTS6/ E-Mail link for openSUSE-SU-2021:3004-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sles/15.3/virt-launcher:0.45.0.8.14.1 Container suse/sles/15.4/virt-launcher:0.49.0.18.8 Container suse/sles/15.5/virt-launcher:0.58.0.20.46 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed libtpms-devel-0.8.2-3.3.1 libtpms-devel-0.8.4-2.2 libtpms-devel-0.9.6-150600.1.2 libtpms0-0.10.0-160000.4.2 libtpms0-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.9.1 libtpms0-0.8.2-3.3.1 libtpms0-0.8.4-2.2 libtpms0-0.9.6-1.13 libtpms0-0.9.6-150600.1.2 libtpms0-0.9.6-slfo.1.1_1.3 libtpms0-0.8.2-3.3.1 as a component of Container suse/sles/15.3/virt-launcher:0.45.0.8.14.1 libtpms0-0.8.2-3.3.1 as a component of Container suse/sles/15.4/virt-launcher:0.49.0.18.8 libtpms0-0.8.2-3.3.1 as a component of Container suse/sles/15.5/virt-launcher:0.58.0.20.46 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Micro 5.1 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Micro 5.2 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Micro 5.3 libtpms0-0.8.2-150300.3.6.1 as a component of SUSE Linux Enterprise Micro 5.4 libtpms0-0.8.2-150300.3.9.1 as a component of SUSE Linux Enterprise Micro 5.5 libtpms-devel-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libtpms-devel-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libtpms-devel-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 libtpms0-0.8.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 libtpms-devel-0.9.6-150600.1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libtpms0-0.9.6-150600.1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libtpms0-0.10.0-160000.4.2 as a component of SUSE Linux Enterprise Server 16.0 libtpms0-0.9.6-1.13 as a component of SUSE Linux Micro 6.0 libtpms0-0.9.6-slfo.1.1_1.3 as a component of SUSE Linux Micro 6.1 libtpms-devel-0.8.2-3.3.1 as a component of openSUSE Leap 15.3 libtpms0-0.8.2-3.3.1 as a component of openSUSE Leap 15.3 libtpms0-0.8.2-3.3.1 as a component of openSUSE Leap 15.4 libtpms-devel-0.8.4-2.2 as a component of openSUSE Tumbleweed libtpms0-0.8.4-2.2 as a component of openSUSE Tumbleweed A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. CVE-2021-3746 Container suse/sles/15.3/virt-launcher:0.45.0.8.14.1:libtpms0-0.8.2-3.3.1 Container suse/sles/15.4/virt-launcher:0.49.0.18.8:libtpms0-0.8.2-3.3.1 Container suse/sles/15.5/virt-launcher:0.58.0.20.46:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.1:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.2:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.3:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Micro 5.4:libtpms0-0.8.2-150300.3.6.1 SUSE Linux Enterprise Micro 5.5:libtpms0-0.8.2-150300.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms-devel-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms-devel-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:libtpms-devel-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:libtpms0-0.8.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libtpms-devel-0.9.6-150600.1.2 SUSE Linux Enterprise Module for Server Applications 15 SP7:libtpms0-0.9.6-150600.1.2 SUSE Linux Enterprise Server 16.0:libtpms0-0.10.0-160000.4.2 SUSE Linux Micro 6.0:libtpms0-0.9.6-1.13 SUSE Linux Micro 6.1:libtpms0-0.9.6-slfo.1.1_1.3 openSUSE Leap 15.3:libtpms-devel-0.8.2-3.3.1 openSUSE Leap 15.3:libtpms0-0.8.2-3.3.1 openSUSE Leap 15.4:libtpms0-0.8.2-3.3.1 openSUSE Tumbleweed:libtpms-devel-0.8.4-2.2 openSUSE Tumbleweed:libtpms0-0.8.4-2.2 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H