In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. CREATE(Triage):(User=admin) CVE-2020-28407 (https://nvd.nist.gov/vuln/detail/CVE-2020-28407)