AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0 Low (Percentile: 0.0%)
After deserializing the quote info, there was no check that the magic number in the attest structure is equal to TPM2_GENERATED_VALUE. A malicious attacker could therefore generate arbitrary quote data that was not detected by Fapi_VerifyQuote.
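The missing check, as an added example (not code from tpm2-tss or the linked commit): a bounds-checked parser for the start of a marshalled TPMS_ATTEST that rejects the structure unless the magic equals TPM2_GENERATED_VALUE and the type is a quote, then returns extraData so the caller can compare it with the expected nonce. The helper names, error codes and sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM2_GENERATED_VALUE 0xff544347u /* "\xffTCG", TPM 2.0 constant */
#define TPM2_ST_ATTEST_QUOTE 0x8018u     /* TPM 2.0 structure tag */
enum { ATTEST_OK = 0, ATTEST_TRUNCATED = -1, ATTEST_BAD_MAGIC = -2, ATTEST_NOT_QUOTE = -3 };

/* The TPM marshals integers big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Skip a TPM2B (UINT16 size + bytes) at *off; returns 0, or -1 if it overruns. */
static int skip_tpm2b(const uint8_t *buf, size_t len, size_t *off, size_t *size) {
    if (len - *off < 2) return -1;
    *size = be16(buf + *off);
    *off += 2;
    if (len - *off < *size) return -1;
    *off += *size;
    return 0;
}

/* Hypothetical helper: validate the marshalled TPMS_ATTEST prefix and hand back
 * extraData (the verifier's nonce). Magic and type are checked before anything else. */
int check_quote_prefix(const uint8_t *buf, size_t len, const uint8_t **nonce, size_t *nonce_len) {
    size_t off = 6, n;
    if (buf == NULL || len < 6) return ATTEST_TRUNCATED;
    if (be32(buf) != TPM2_GENERATED_VALUE) return ATTEST_BAD_MAGIC;
    if (be16(buf + 4) != TPM2_ST_ATTEST_QUOTE) return ATTEST_NOT_QUOTE;
    if (skip_tpm2b(buf, len, &off, &n)) return ATTEST_TRUNCATED;        /* qualifiedSigner */
    if (skip_tpm2b(buf, len, &off, nonce_len)) return ATTEST_TRUNCATED; /* extraData */
    *nonce = buf + off - *nonce_len;
    return ATTEST_OK;
}

/* Constructed samples: magic, type, 2-byte signer name, 4-byte nonce. */
static const uint8_t good_quote[] = {0xff,0x54,0x43,0x47, 0x80,0x18, 0x00,0x02,0xaa,0xbb,
                                     0x00,0x04,0xde,0xad,0xbe,0xef};
static const uint8_t forged_quote[] = {0x00,0x54,0x43,0x47, 0x80,0x18, 0x00,0x02,0xaa,0xbb,
                                       0x00,0x04,0xde,0xad,0xbe,0xef};

int main(void) {
    const uint8_t *nonce; size_t nlen;
    printf("good:   %d\n", check_quote_prefix(good_quote, sizeof good_quote, &nonce, &nlen));
    printf("forged: %d\n", check_quote_prefix(forged_quote, sizeof forged_quote, &nonce, &nlen));
    return 0;
}
```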
github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99
launchpad.net/bugs/cve/CVE-2024-29040
nvd.nist.gov/vuln/detail/CVE-2024-29040
security-tracker.debian.org/tracker/CVE-2024-29040
ubuntu.com/security/notices/USN-6796-1
www.cve.org/CVERecord?id=CVE-2024-29040