INFSA-2024:9424: tpm2-tools security update
Information about definition
Identificator: INFSA-2024:9424
Type: security
Release date: 2024-12-13 11:49:49 UTC
Information about package
The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module (TPM) 2.0 devices from user space.
Vulnerabilities description
- CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
- CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-29038
|
no information | 4.4 | no information |
|
NIST — CVE-2024-29039
|
no information | 3.3 | no information |
Updated packages