Out of Bounds Read Vulnerability in Libtpms Library Affecting Hypervisors
CVE-2025-49133

CVSS 5.9 (MEDIUM)

Key Information:

CVE Published: 10 June 2025

What is CVE-2025-49133?

Libtpms, the library that provides Trusted Platform Module (TPM) emulation for hypervisors such as Qemu, contains a vulnerability that can lead to an out-of-bounds read. The issue is in the CryptHmacSign function and is triggered by a mismatch between the signKey (ALG_KEYEDHASH) and the signScheme (ECC or RSA). A user-mode application can trigger it by sending crafted commands to a TPM 2.0/vTPM whose firmware is based on the affected TCG reference implementation. In the affected Libtpms versions the out-of-bounds access can cause an abort, potentially leaving the vTPM (swtpm) unusable for the virtual machines that depend on it.
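The defensive pattern this advisory points at is a key-type/scheme consistency check performed before any scheme-specific signing code touches the key. The following is an added illustration, not libtpms or TCG reference code: it uses the real TPM 2.0 algorithm identifiers and response codes, but the sign entry point and its dispatch are hypothetical.

```c
/* Added example (not libtpms code): reject a signing scheme that does not
 * belong to the key's algorithm before dispatching to scheme-specific code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 2.0 algorithm identifiers (TCG Algorithm Registry). */
#define TPM_ALG_RSA        0x0001
#define TPM_ALG_HMAC       0x0005
#define TPM_ALG_KEYEDHASH  0x0008
#define TPM_ALG_RSASSA     0x0014
#define TPM_ALG_RSAPSS     0x0016
#define TPM_ALG_ECDSA      0x0018
#define TPM_ALG_ECC        0x0023

/* TPM 2.0 format-1 response codes: RC_FMT1 (0x080) + error number. */
#define TPM_RC_SUCCESS     0x000
#define TPM_RC_SCHEME      0x092   /* scheme not compatible with the key */
#define TPM_RC_KEY         0x09C   /* key type not usable for this operation */

/* Signer families a matching (key, scheme) pair would be routed to. */
enum signer { SIGNER_NONE = 0, SIGNER_HMAC, SIGNER_RSA, SIGNER_ECC };

/* Which signing schemes are legitimate for which key algorithm. A keyed-hash
 * key only ever signs with HMAC; an RSA or ECC scheme on it is the mismatch
 * the advisory describes. */
static enum signer signer_for(uint16_t key_alg, uint16_t scheme_alg) {
    switch (key_alg) {
    case TPM_ALG_KEYEDHASH:
        return scheme_alg == TPM_ALG_HMAC ? SIGNER_HMAC : SIGNER_NONE;
    case TPM_ALG_RSA:
        return (scheme_alg == TPM_ALG_RSASSA || scheme_alg == TPM_ALG_RSAPSS)
               ? SIGNER_RSA : SIGNER_NONE;
    case TPM_ALG_ECC:
        return scheme_alg == TPM_ALG_ECDSA ? SIGNER_ECC : SIGNER_NONE;
    default:
        return SIGNER_NONE;
    }
}

/* Hypothetical sign entry point. The check runs before any signer reads
 * scheme-specific key fields, so a mismatched request is answered with
 * TPM_RC_SCHEME instead of reaching code that assumes a different key layout. */
uint32_t sign_with_checked_scheme(uint16_t key_alg, uint16_t scheme_alg,
                                  enum signer *chosen) {
    *chosen = SIGNER_NONE;
    if (key_alg != TPM_ALG_RSA && key_alg != TPM_ALG_ECC && key_alg != TPM_ALG_KEYEDHASH)
        return TPM_RC_KEY;
    enum signer s = signer_for(key_alg, scheme_alg);
    if (s == SIGNER_NONE)
        return TPM_RC_SCHEME;
    *chosen = s;                 /* a real implementation dispatches here */
    return TPM_RC_SUCCESS;
}
```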

Affected Version(s)

libtpms = 0.7.11
libtpms = 0.8.9
libtpms = 0.9.6

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
