Vulnerability Details CVE-2024-29038
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f
- https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/
Products affected by CVE-2024-29038
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:*
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.1
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.1.1
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.1.2
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.1.3
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.2
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.2.1
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.3.0
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.3.1
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:4.3.2
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:5.0
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:5.1
-
cpe:2.3:a:tpm2-tools_project:tpm2-tools:5.1.1