CVE & CISA-KEV Catalog

CVE-2023-22745

MEDIUM
6.4
CVSS v3
NVD

Description

tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Versions 4.1.0-rc0, 4.0.1, and 3.2.2-rc1 fix the issue.

How to fix

Remediation Available
tpm2-tssDebian
Fixed in:3.2.1-3CVE-2023-22745
Fixed in:3.2.1-3CVE-2023-22745
Fixed in:3.2.1-3CVE-2023-22745
tpm2-tssRed Hat / RHEL
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tssRocky
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-debuginfoRed Hat / RHEL
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-debuginfoRocky
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-debugsourceRocky
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-debugsourceRed Hat / RHEL
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-develRed Hat / RHEL
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
tpm2-tss-develRocky
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8_6RHSA-2024:4408
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:2.3.2-5.el8RHSA-2023:7166
Fixed in:0:2.3.2-5.el8_8RHSA-2024:4739
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
Fixed in:0:3.2.2-2.el9RHSA-2023:6685
libtss2-esys-3.0.2-0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-esys-3.0.2-0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-esys0Ubuntu
Fixed in:2.3.2-1ubuntu0.20.04.2USN-6796-1
libtss2-fapi1Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-fapi1t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-mu-4.0.1-0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-mu0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-policy0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-policy0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-rc0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-rc0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-sys1Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-sys1t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-cmd0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-cmd0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-device0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-device0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-libtpms0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-libtpms0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-mssim0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-mssim0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-pcap0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-pcap0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-spi-helper0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-spi-helper0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-swtpm0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-swtpm0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tctildr0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tctildr0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
tpm2-tssUbuntu
Fixed in:2.3.2-1ubuntu0.20.04.2USN-6796-1
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.52%probability of exploitation in 30 days
40thpercentile

Moderate risk: more likely to be exploited than 40% of all known CVEs.

References

Exploit1
Other references2

Related Vulnerabilities

Other CWE-120 (Classic Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0195Medium6.8100%-Fix
CVE-2017-7269Critical9.8100%KEV-
CVE-2019-11043High8.799%KEV + RansomFix
CVE-2011-4862High10.095%-Fix
CVE-2007-5659High7.894%KEVFix
CVE-2022-3786High7.591%-Fix
Embed a live status badge for CVE-2023-22745
CVE-2023-22745 severity badge

Markdown

[![CVE-2023-22745](https://tridentstack.com/cve/badge/CVE-2023-22745.svg)](https://tridentstack.com/cve/CVE-2023-22745)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-22745"><img src="https://tridentstack.com/cve/badge/CVE-2023-22745.svg" alt="CVE-2023-22745"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-21.