Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0112
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0112)
Summary:	The remote host is missing an update for the 'swtpm' package(s) announced via the MGASA-2022-0112 advisory.
Description:	Summary: The remote host is missing an update for the 'swtpm' package(s) announced via the MGASA-2022-0112 advisory. Vulnerability Insight: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. (CVE-2022-23645) Affected Software/OS: 'swtpm' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-23645 https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/ https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 https://github.com/stefanberger/swtpm/releases/tag/v0.5.3 https://github.com/stefanberger/swtpm/releases/tag/v0.6.2 https://github.com/stefanberger/swtpm/releases/tag/v0.7.1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.