ALT-PU-2024-7427-2

Package update tpm2-tools in branch sisyphus

Version5.7-alt1

Published2026-02-04

Max severityCRITICAL

Severity:

Closed issues (4)

LOW3.3

Уязвимость компонента tpm2 checkquote репозитория для инструментов Trusted Platform Module tpm2-tools, позволяющая нарушителю получить доступ к защищаемой информации

Published: 2025-12-22

CVSS 3.xLOW 3.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 1.7

CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:N

References

CVE-2024-29038

CRITICAL9.0

Уязвимость компонента tpm2 checkquote репозитория для инструментов Trusted Platform Module tpm2-tools, позволяющая нарушителю получить доступ к защищаемой информации

Published: 2025-12-22

CVSS 3.xCRITICAL 9.0

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2024-29039

LOW3.3

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.

Published: 2024-06-28Modified: 2025-11-04

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

HIGH8.1

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

Published: 2024-06-28Modified: 2025-11-04

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References