RHEL-68417

No argument validation when passing TPM2 json


    • No
    • Low
    • rhel-security-special-projects
    • ssg_security
    • Red Hat Enterprise Linux

      What were you trying to do that didn't work?

      It appears that there is no argument validation when passing arguments to TPM2, e.g.:

      # echo "HELLO" | clevis encrypt tpm2 '{"pcrs_ids":"7"}'
      ... some result ...
      

      Here above "pcrs_ids" was used instead of "pcr_ids".
      This may be problematic when binding LUKS devices against TPM2, because the binding will occur but sooner or later, on TPM content change, it's very probable that unlocking won't occur anymore.

      What is the impact of this issue to you?

      Potential issues in the future

      Please provide the package NVR for which the bug is seen:

      clevis-15-15.el8
      clevis-20-200.el9

      How reproducible is this bug?:

      Always, see above

              scorreia@redhat.com Sergio Correia
              rhn-support-rmetrich Renaud Métrich
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
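
A pre-flight check for the situation reported above, as an added example that is not part of the original issue or of clevis: it rejects unknown keys in a tpm2 pin config before the string is handed to `clevis encrypt tpm2` or `clevis luks bind`. The accepted key set is taken from clevis-encrypt-tpm2(1) and should be verified against the installed version; `check_tpm2_config` is a hypothetical helper name.

```python
import difflib
import json

# Keys documented for the tpm2 pin in clevis-encrypt-tpm2(1). Assumption of
# this example: verify against the man page of the installed clevis version.
TPM2_KEYS = {"hash", "key", "pcr_bank", "pcr_ids", "pcr_digest"}


def check_tpm2_config(raw):
    """Return a list of problems found in a tpm2 pin config; empty means OK."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["config must be a JSON object"]

    problems = []
    # A misspelled key is the case from the report: it is silently ignored,
    # so the secret ends up sealed without the intended PCR policy.
    for key in sorted(cfg.keys() - TPM2_KEYS):
        hint = difflib.get_close_matches(key, sorted(TPM2_KEYS), n=1)
        suffix = f" (did you mean '{hint[0]}'?)" if hint else ""
        problems.append(f"unknown key '{key}'{suffix}")

    # Assumption: pcr_bank and pcr_digest only take effect together with
    # pcr_ids, so a config that sets them alone has no PCR policy at all.
    if "pcr_ids" not in cfg and {"pcr_bank", "pcr_digest"} & cfg.keys():
        problems.append("pcr_bank/pcr_digest given but pcr_ids is missing")
    return problems


if __name__ == "__main__":
    import sys
    # Default input is the config string from the report.
    raw = sys.argv[1] if len(sys.argv) > 1 else '{"pcrs_ids":"7"}'
    issues = check_tpm2_config(raw)
    for issue in issues:
        print("tpm2 config:", issue)
    sys.exit(1 if issues else 0)
```

The script exits non-zero when it finds a problem, so it can gate the actual clevis call in a provisioning script.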