CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

The vulnerability of the TPM2_GENERATED_VALUE() function in the TCG TPM2 TPM2 Software Stack, related to incorrect input validation, allows attackers to generate arbitrary price data that cannot be detected by Fapi_VerifyQuote.

The vulnerability of the TPM2GENERATEDVALUE function in the TCG TPM2 TPM2 Software Stack lies in the lack of checks to ensure that the magical number in the TPM2GENERATEDVALUE certificate is valid. Exploiting this vulnerability allows an attacker to generate arbitrary quote data that cannot be...

SUSE CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

sgx-dcap-quote-verify-python includes a statically linked copy of OpenSSL. The version of OpenSSL included in sgx-dcap-quote-verify-python 0.0.1..0.0.2 is vulnerable to a security issue. More details about the OpenSSL vulnerabilities themselves can be found at...

GHSA-344M-QCJQ-XGRF Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

sgx-dcap-quote-verify-python includes a statically linked copy of OpenSSL. The version of OpenSSL included in sgx-dcap-quote-verify-python 0.0.1..0.0.2 is vulnerable to a security issue. More details about the OpenSSL vulnerabilities themselves can be found at...