CVE-2020-28407: 
NixOS vulnerability analysis and mitigation

CVE-2020-28407 affects swtpm versions before 0.4.2 and 0.5.x before 0.5.1. The vulnerability was discovered in the software's handling of temporary files, specifically related to symlink attacks. The issue was disclosed and patches were released in November 2020 (NVD, SUSE).

The vulnerability allows a local attacker to perform a symlink attack against temporary files, such as TMP2-00.permall. The success of the attack depends on the attacker having access to the TPM's state directory (--tpmstate dir=...). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (NVD).

If successfully exploited, an attacker can create a symbolic link with the name of the temporary file (TMP2-00.permall for TPM 2) pointing to a valuable file, resulting in swtpm overwriting the target file. This can lead to privilege escalation and unauthorized file modifications (SUSE).

The vulnerability has been fixed in swtpm versions 0.4.2 and 0.5.1. Users should upgrade to these or later versions to mitigate the risk. The fixes were implemented through multiple commits addressing the symlink attack issue (GitHub v0.4.2, GitHub v0.5.1).