Vulnerability Description
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tpm2-Tools Project | Tpm2-Tools | >= 4.1, < 5.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7 (Release Notes)
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-g (Exploit, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2024-29038?
CVE-2024-29038 is a vulnerability with a CVSS score of 4.3 (MEDIUM). tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was pa...
How severe is CVE-2024-29038?
CVE-2024-29038 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-29038?
Check the references section above for vendor advisories and patch information. Affected products include: Tpm2-Tools Project Tpm2-Tools.