Filtered by vendor Tpm2 Software
Subscriptions
Filtered by product Tpm2 Tools
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29040 | 2 Tpm2 Software, Tpm2 Software Stack Project | 2 Tpm2 Tools, Tpm2 Software Stack | 2024-11-21 | 4.3 Medium |
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | ||||
CVE-2024-29039 | 2 Redhat, Tpm2 Software | 2 Enterprise Linux, Tpm2 Tools | 2024-11-21 | 9.1 Critical |
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7. |
Page 1 of 1.