9 matches found
EUVD-2024-26089
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2024-2188)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : tpm2-tss (EulerOS-SA-2024-2253)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...
CVE-2024-29040
The CVE-2024-29040 issue affects tpm2-tss (TPM2 Software Stack). The root cause is that Fapi_VerifyQuote deserializes JSON Quote Info into TPMS_ATTEST and accepts any TPM2_GENERATED value, allowing a malicious or out-of-date quote state to be treated as valid, potentially exposing data or service...
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
ROS-20240611-02
The vulnerability of Tss2RCDecode and Tss2RCSetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and cause ...
USN-6796-1 tpm2-tss vulnerabilities
Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-22745 Jurgen Repp and Andreas Fuchs discovered that...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6796-1 advisory. Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this...