CVE-2024-29038
tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Productos afectados
tpm2-software · tpm2-tools¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6fhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/