
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-22745 affects tpm2-tss, an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). The vulnerability was discovered by Fergus Dall and disclosed on January 19, 2023. The issue affects versions <= 4.0.0 of the tpm2-tss package (GitHub Advisory).
The vulnerability is a buffer overflow in the Tss2_RC_Decode function. Both Tss2_RC_SetHandler and Tss2_RC_Decode index into layer_handler with an 8-bit layer number, but the array only has TPM2_ERROR_TSS2_RC_LAYER_COUNT entries. Attempting to add a handler for higher-numbered layers, or to decode a response code with such a layer number, therefore reads or writes past the end of the buffer. The layer handler array was defined with 255 entries, but valid layer values are 0-255, which is 256 possibilities, so the array is off by one (GitHub Commit).
The vulnerability could result in a buffer overrun that potentially leads to arbitrary code execution. A practical attack scenario would involve a Man-in-the-Middle (MiTM) bus attack that returns 0xFFFFFFFF for the RC (GitHub Advisory).
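The off-by-one described above, shown as an added example that is not tpm2-tss code: a 255-entry table cannot hold the layer number extracted from an RC of 0xFFFFFFFF, while a 256-entry table with an explicit bounds check can. The macro and function names are this example's own, and it assumes the layer number is bits 16-23 of the response code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the layer is bits 16..23 of the RC. All names are this example's own. */
#define RC_LAYER_SHIFT 16u
#define RC_LAYER_MASK  0x00FF0000u

/* Sizing described as the defect: mask >> shift = 255 entries, indices 0..254. */
#define LAYER_COUNT_OLD (RC_LAYER_MASK >> RC_LAYER_SHIFT)
/* One slot per possible 8-bit layer value: 256 entries, indices 0..255. */
#define LAYER_COUNT_NEW ((RC_LAYER_MASK >> RC_LAYER_SHIFT) + 1u)

typedef const char *(*rc_handler)(uint32_t rc);
static rc_handler handlers[LAYER_COUNT_NEW];   /* correctly sized table */

static uint8_t rc_layer(uint32_t rc)
{
    return (uint8_t)((rc & RC_LAYER_MASK) >> RC_LAYER_SHIFT);
}

/* Would indexing a table of `count` entries with this RC's layer stay in bounds? */
static int layer_in_bounds(uint32_t rc, size_t count)
{
    return (size_t)rc_layer(rc) < count;
}

/* Defensive setter: checks the index against the real table size before writing. */
static int set_handler(uint32_t layer, rc_handler h)
{
    if (layer >= sizeof handlers / sizeof handlers[0])
        return -1;
    handlers[layer] = h;
    return 0;
}

static const char *demo_handler(uint32_t rc) { (void)rc; return "demo"; }

int main(void)
{
    uint32_t rc = 0xFFFFFFFFu;  /* RC value named in the advisory's bus scenario */
    printf("layer=%u fits_255=%d fits_256=%d\n", (unsigned)rc_layer(rc),
           layer_in_bounds(rc, LAYER_COUNT_OLD),
           layer_in_bounds(rc, LAYER_COUNT_NEW));
    return set_handler(rc_layer(rc), demo_handler);
}
```

The same bounds comparison, run against the table size of the installed library build, is what a regression test for this CVE needs to cover: layer 255 on both the set-handler and decode paths.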
The issue has been patched in various distributions including Red Hat Enterprise Linux and Ubuntu. For Red Hat systems, updating to tpm2-tss version 3.2.2-2.el9 addresses the vulnerability (Red Hat Advisory). Ubuntu users should update to the patched versions specified in their security notice (Ubuntu Notice).
Source: This report was generated using AI