Main Vulnerability Database Vulnerabilities #VU120909

#VU120909 Cryptographic issues in libtpms - CVE-2026-21444

Published: January 5, 2026

Vulnerability identifier: #VU120909

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-21444

CWE-ID: CWE-310

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
libtpms

Software vendor:
Stefan Berger

Description

The vulnerability allows an attacker to potentially decrypt data.

The vulnerability exists due to an error related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps.

Remediation

Install updates from vendor's website.

External links

https://github.com/stefanberger/libtpms/releases/tag/v0.10.2
https://github.com/stefanberger/libtpms/commit/33c9ff074cb16c1841ce7d7f33643c17c426743a
https://github.com/stefanberger/libtpms/security/advisories/GHSA-7jxr-4j3g-p34f

#VU120909 Cryptographic issues in libtpms - CVE-2026-21444

Description

Remediation

External links

Please verify you're human