Advisory ROSA-SA-2026-3224

software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...

MiracleLinux 8 : tpm2-tools-4.1.1-5.el8 (AXSA:2021-2806:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2806:03 advisory. tpm2-tools: fixed AES wrapping key in tpm2import CVE-2021-3565 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : tpm2-tools-5.2-4.el9 (AXSA:2024-9175:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9175:01 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest...

EUVD-2021-26875

Malware in sbrugna...

EUVD-2017-16541

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-3565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM...

TencentOS Server 4: tpm2-tools (TSSA-2024:0270)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0270 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

RLSA-2024:9424 Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

tpm2-tools security update

An update is available for tpm2-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The tpm2-tools packages add a set of utilities for management and...

Linux Distros Unpatched Vulnerability : CVE-2017-7524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC...

Oracle Linux 9 : tpm2-tools (ELSA-2024-9424)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9424 advisory. - tpm2checkquote: Fix check of magic number. CVE-2024-29038 - tpm2checkquote: Add comparison of pcr selection. CVE-2024-29039 Tenable has extracted the...

tpm2-tools security update

5.2-4 - Backport upstream fixes. - tpm2checkquote: Fix check of magic number. CVE-2024-29038 - tpm2checkquote: Add comparison of pcr selection. CVE-2024-29039 - Fix check of magic number. Resolves: RHEL-23198 Resolves: RHEL-41031 Resolves: RHEL-41035...

RHSA-2024:9424 Red Hat Security Advisory: tpm2-tools security update

Bulletin has no description...

Low: Red Hat Security Advisory: tpm2-tools security update

An update for tpm2-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

tpm2-tools: pcr selection value is not compared with the attest

A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation...

ALSA-2024:9424 Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

RHEL 9 : tpm2-tools (RHSA-2024:9424)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9424 advisory. The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space...

RHSA-2021:4413 Red Hat Security Advisory: tpm2-tools security and enhancement update

Bulletin has no description...

NewStart CGSL MAIN 6.02 : tpm2-tools Vulnerability (NS-SA-2024-0065)

The remote NewStart CGSL host, running version MAIN 6.02, has tpm2-tools packages installed that are affected by a vulnerability: - A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal th...