88 matches found
CVE-2025-24298
CVE-2025-24298 affects OpenHarmony v5.0.3 and earlier, where a use-after-free in the trusted computing base (tcb) enables a local attacker to achieve arbitrary code execution. The vulnerability is locally exploitable due to the use-after-free in tcb, with impact on confidentiali...
CVE-2025-25278
CVE-2025-25278 affects OpenHarmony v5.0.3 and earlier due to a race condition in the tcb component that can allow a local attacker to execute arbitrary code. The root cause is a race condition in tcb leading to local code execution with high impact; exploitability is local with no use...
CVE-2025-25278 liteos_a has a race condition vulnerability
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through a race condition...
CVE-2025-27577
CVE-2025-27577 affects OpenHarmony v5.0.3 and earlier where a local attacker can achieve arbitrary code execution via a race condition in the tcb component. The root cause is a race condition that could be exploited locally; no remote vector is described in the provided documents. A remediation i...
PT-2025-32514 · Openharmony · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4. Description: The software contains a flaw that allows a local attacker to execute arbitrary code within the tcb component due to a race condition. Recommendations: Update to version 5.0.4 or later...
OpenHarmony resource management error vulnerability
OpenHarmony is an open-source Hongmeng operating system project of China's OpenAtom Foundation. A resource management error vulnerability exists in OpenHarmony v5.0.3 and earlier versions, which stems from a use-after-free issue in tcb and could lead to the execution of arbitrar...
PT-2025-32505 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4. Description: The software contains a use-after-free flaw in the trusted computing base (tcb) component that could allow a local attacker to execute arbitrary code. Recommendations: Update to version 5.0.4 or...
PT-2025-32509 · Openharmony · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4. Description: The software contains a flaw that allows a local attacker to execute arbitrary code within the tcb component due to a race condition. Recommendations: Update to OpenHarmony version 5.0.4 or lat...
OpenHarmony race condition vulnerability
OpenHarmony is an open-source Hongmeng operating system project of China's OpenAtom Foundation. A race condition vulnerability exists in OpenHarmony v5.0.3 and earlier versions, which stems from a race condition in tcb that could lead to the execution of arbitrar...
PT-2025-32511 · Openharmony · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4. Description: OpenHarmony versions prior to 5.0.4 contain a use-after-free issue in the tcb component that allows a local attacker to execute arbitrary code. Recommendations: Update to OpenHarmony version...
CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...
TCG TPM security vulnerability
TCG TPM is a chip from the Trusted Computing Group that is embedded in a computer to provide a root of trust for it. A security vulnerability exists in version 2.0 of the TCG TPM, which stems from a CryptHmacSign helper function that does not validate the signing scheme and signi...
Linux Distros Unpatched Vulnerability : CVE-2024-29040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2024-2229)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP12 : tpm2-tss (EulerOS-SA-2024-2253)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by FapiQuo...
EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2024-2096)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by FapiQuo...
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...
AZL-42985 CVE-2024-29040 affecting package tpm2-tss for versions less than 2.4.6-4
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...