CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5

Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...