15 matches found
EulerOS Virtualization 2.12.1 : tpm2-tss (EulerOS-SA-2024-2319)
According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info...
EulerOS Virtualization 2.12.0 : tpm2-tss (EulerOS-SA-2024-2339)
According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info...
EulerOS 2.0 SP12 : tpm2-tss (EulerOS-SA-2024-2253)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...
EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2024-2151)
According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...
EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2024-2096)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...
EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2024-1949)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...
EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2024-1976)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...
EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2024-1924)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
CVE-2024-29040
The CVE-2024-29040 issue affects tpm2-tss (TPM2 Software Stack). The root cause is that Fapi_VerifyQuote deserializes JSON Quote Info into TPMS_ATTEST and accepts any TPM2_GENERATED value, allowing a malicious or out-of-date quote state to be treated as valid, potentially exposing data or service...
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
ROS-20240611-02
The vulnerability of Tss2RCDecode and Tss2RCSetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and cause ...
CVE-2024-29040
A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by FapiVerifyQuote...