ALT-PU-2024-7427-1
Package tpm2-tools updated to version 5.7-alt1 for branch sisyphus in task 347423.
Closed vulnerabilities
Published: 2024-06-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
Severity: MEDIUM (4.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
References:
Published: 2024-06-28
Modified: 2025-10-02
Modified: 2025-10-02
CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References: