4 matches found
Fapi Verify Quote: Does not detect if quote was not generated by TPM
...
Medium: tpm2-tss
Issue Overview: tpm2-tss: arbitrary quote data may go undetected by FapiVerifyQuote CVE-2024-29040 Affected Packages: tpm2-tss Issue Correction: Run dnf update tpm2-tss --releasever 2023.5.20240819 or dnf update --advisory ALAS2023-2024-703 --releasever 2023.5.20240819 to update your system. More...
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5
Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...