CVE-2021-3623: 
NixOS vulnerability analysis and mitigation

CVE-2021-3623 is a vulnerability discovered in libtpms, a library providing TPM (Trusted Platform Module) functionality. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values, which may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read (NVD, Red Hat Bugzilla).

The vulnerability is classified as an out-of-bounds write (CWE-787) with a CVSS v3.1 base score of 6.1 (Medium). The issue occurs when processing TPM 2 command packets with unacceptable/illegal values that become problematic during the marshalling or unmarshalling of the TPM 2's volatile state. This can result in either buffer access beyond its boundary or refusal to accept the state blob due to an illegal value (NVD).

The primary impact of this vulnerability is to system availability. While the buffer access beyond boundaries case does not lead to code execution, exploitation could result in information leakage and/or denial-of-service (DoS) through system crashes. An attacker must have direct or indirect access to call TPMLIB_VolatileAll_Store to exploit this flaw (Red Hat Bugzilla).

The vulnerability has been fixed in libtpms versions 0.6.5, 0.7.8, and 0.8.4. The fix includes resetting buffer size indicators that are found to be too large and implementing checks for maximum size when marshaling data to prevent buffer overstepping (GitHub PR).