CVE-2026-21444
IV Reuse Vulnerability in libtpms OpenSSL Integration Risks Data Confidentiality
Publication date: 2026-01-02
Last updated on: 2026-02-25
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libtpms_project | libtpms | From 0.10.0 (inc) to 0.10.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21444 is a vulnerability in libtpms versions 0.10.0 and 0.10.1, a library that provides software emulation of a Trusted Platform Module (TPM). The flaw occurs when libtpms is integrated with OpenSSL 3.x and uses certain symmetric ciphers. Instead of returning the updated (last) initialization vector (IV) after an AES encryption or decryption operation, the library incorrectly returns the initial IV. Because the IV is never advanced, subsequent encryption and decryption steps that chain on the returned IV are weakened, putting data confidentiality at risk. [1, 2]
How can this vulnerability impact me?
This vulnerability primarily impacts data confidentiality. Because the updated IV is not correctly returned and remains the same as the initial IV, the cryptographic strength of AES encryption and decryption operations is weakened. This can potentially expose sensitive data to unauthorized parties. The vulnerability requires local access with low privileges and low attack complexity, and no user interaction is needed. It does not affect data integrity or availability. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running a test script that performs AES encryption/decryption operations using TPM2 tools with libtpms versions 0.10.0 or 0.10.1. The script generates a random original IV and symmetric AES key, loads the key into the TPM, and performs encryption/decryption. It then compares the original IV file (iv.bin) with the updated IV file (newiv.bin). If both IV files are identical, the vulnerability is present because the updated IV should differ from the original after the operation. This method effectively detects the incorrect IV handling flaw. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade libtpms to version 0.10.2 or later, where the issue has been fixed. There are no known workarounds available, so applying the patch or updating to the fixed version is necessary to prevent the vulnerability from compromising data confidentiality. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability weakens data confidentiality by causing the cryptographic process to use an incorrect initialization vector (IV), potentially exposing sensitive data. This compromise of data confidentiality could negatively impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive and personal data. However, the provided resources do not explicitly discuss compliance implications. [1, 2]