MiracleLinux 9 : tpm2-tools-5.2-4.el9 (AXSA:2024-9175:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9175:01 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest...

RLSA-2024:9424 Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

tpm2-tools: pcr selection value is not compared with the attest

A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation...

OESA-2024-2081 tpm2-tools security update

The package contains the code for the TPM Trusted Platform Module 2.0 tools based on tpm2-tss. Security Fixes: tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This...

Amazon Linux 2023 : tpm2-tools (ALAS2023-2024-693)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-693 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest CVE-2024-29039 Tenable has extracted the...

AZL-43021 CVE-2024-29039 affecting package tpm2-tools for versions less than 4.3.2-2

tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

AZL-43015 CVE-2024-29039 affecting package tpm2-tools for versions less than 5.5.1-1

tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

DEBIAN-CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

UBUNTU-CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state

tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

tpm2-tools Security Vulnerabilities

tpm2-tools is a source code library. A security vulnerability exists in tpm2-tools version 5.6 and earlier, which originates when an attacker manipulates the tpm2checkquote output by changing TPMLPCRSELECTION to provide a misleading TPM state chart...

SUSE-SU-2024:1636-1 Security update for tpm2.0-tools

This update for tpm2.0-tools fixes the following issues: - CVE-2024-29038: Fixed arbitrary quote data validation by tpm2checkquote bsc1223687. - CVE-2024-29039: Fixed pcr selection value to be compared with the attest bsc1223689...

Updated tpm2-tools packages fixes security vulnerabilities

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote CVE-2024-29038. The pcr selection which i...