Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-29040
HistoryJun 28, 2024 - 9:15 p.m.

CVE-2024-29040

2024-06-2821:15:02
CWE-502
[email protected]
web.nvd.nist.gov
3
trusted computing group
tss
fapi_quote
fapi_verifyquote
tpms_attest
tpm2_generated
json
deserialization
version 4.1.0

4.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

This repository hosts source code implementing the Trusted Computing Group’s (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn’t, or can use services it shouldn’t be able to. This
issue has been patched in version 4.1.0.

Related

cve 1
redhatcve 1
openvas 10
alpinelinux 1
ubuntucve 1
mageia 1
cvelist 1
debiancve 1
redos 1
osv 1
ubuntu 1
nessus 6
fedora 6
cve
cve
CVE-2024-29040
2024-06-28 21:15:02
redhatcve
redhatcve
CVE-2024-29040
2024-05-01 07:28:52
openvas
openvas
openSUSE: Security Advisory for tpm2 (SUSE-SU-2024:1605-1)
2024-05-13 00:00:00
Mageia: Security Advisory (MGASA-2024-0171)
2024-05-09 00:00:00
openSUSE: Security Advisory for tpm2 (SUSE-SU-2024:1635-1)
2024-05-24 00:00:00
alpinelinux
alpinelinux
CVE-2024-29040
2024-06-28 21:15:02
ubuntucve
ubuntucve
CVE-2024-29040
2024-04-30 00:00:00
mageia
mageia
Updated tpm2-tss packages fix security vulnerabilities
2024-05-09 05:40:29
cvelist
cvelist
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
2024-06-28 21:02:04
debiancve
debiancve
CVE-2024-29040
2024-06-28 21:15:02
redos
redos
ROS-20240611-02
2024-06-11 00:00:00
osv
osv
tpm2-tss vulnerabilities
2024-05-28 22:05:15
ubuntu
ubuntu
TPM2 Software Stack vulnerabilities
2024-05-29 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)
2024-05-29 00:00:00
Fedora 39 : tpm2-tools / tpm2-tss (2024-4512dc54af)
2024-05-14 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tpm2-0-tss (SUSE-SU-2024:1635-1)
2024-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: tpm2-tools-5.7-1.fc40
2024-05-02 01:58:38
[SECURITY] Fedora 38 Update: tpm2-tools-5.5.1-1.fc38
2024-05-14 01:33:17
[SECURITY] Fedora 39 Update: tpm2-tools-5.5.1-1.fc39
2024-05-14 03:28:24

4.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2024-29040
cve1redhatcve1openvas10alpinelinux1ubuntucve1mageia1cvelist1debiancve1redos1osv1ubuntu1nessus6fedora6