Vulnerability Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tpm2-Tools Project | Tpm2-Tools | < 5.7 |
Related Weaknesses (CWE)
References
- https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7 (Release Notes)
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h (Exploit, Mitigation, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2024-29039?
CVE-2024-29039 is a vulnerability with a CVSS score of 9.0 (CRITICAL). tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR in...
How severe is CVE-2024-29039?
CVE-2024-29039 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-29039?
Check the references section above for vendor advisories and patch information. Affected products include: Tpm2-Tools Project Tpm2-Tools.