15 matches found
Advisory ROSA-SA-2026-3224
software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...
OESA-2024-2083 tpm2-tools security update
The package contains the code for the TPM Trusted Platform Module 2.0 tools based on tpm2-tss. Security Fixes: tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This...
Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
...
DEBIAN-CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
UBUNTU-CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
DEBIAN-CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
UBUNTU-CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
tpm2-tools Security Vulnerabilities
tpm2-tools is a source code library. A security vulnerability exists in tpm2-tools version 5.6 and earlier, which originates when an attacker manipulates the tpm2checkquote output by changing TPMLPCRSELECTION to provide a misleading TPM state chart...
tpm2-tools Security Vulnerabilities
tpm2-tools is a source code library. A security vulnerability exists in tpm2-tools version 4.1-rc0 and earlier, which stems from an attacker being able to generate a tpm2 checkquote resulting in undetectable arbitrary references to data...
SUSE CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
SUSE CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...
Improper Signature Validation
keylime is vulnerable to Improper Signature Validation. The vulnerability exists in the checkquote function at tpmutil.py because the quote validation is not properly handed in the case of a malformed signature which could allow an attacker to perform unauthorized actions...