Threat Intel

v0.1

← CVEs

CVE-2026-21444

MED 5.5
Published
2026-01-02
Last Modified
2026-02-25
Affected Apps
5
Affected Devices
7
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
Affected Applications in Environment 5
libtpms v0.9.1-3.20211126git1ff6fe1f43.module+el8.10.0+2014+5ad6bca0
2 devices
libtpms v0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+1279+230c2115
2 devices
libtpms v0.9.1-2.20211126git1ff6fe1f43.module+el8.10.0+1835+43f01cbb
1 device
libtpms v0.9.1-2.20211126git1ff6fe1f43.module+el8.9.0+90052+d3bf71d8
1 device
libtpms v0.9.1-5.20211126git1ff6fe1f43.el9_6
1 device
Affected Devices 7
chela03 Linux chela04 Linux chela05 Linux dpapsb-161390.aggies.usu.edu Linux dpapsb-191594.mypc.usu.edu Linux eprocdev.banner.usu.edu Linux paymentworksdev.banner.usu.edu Linux
References 3