CVE-2024-29039Reliance on Untrusted Inputs in a Security Decision in Tpm2-tools

CWE-807Reliance on Untrusted Inputs in a Security DecisionCWE-20Improper Input Validation5 documents5 sources
Severity
8.1HIGHNVD
EPSS
1.7%
top 17.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Tpm2-software Tpm2-toolsTpm2-tools Project Tpm2-toolsDebian Tpm2-tools+4 more
Timeline
PublishedJun 28

Description

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages8 packages

debiandebian/tpm2-tools< tpm2-tools 5.7-1 (forky)
CVEListV5tpm2-software/tpm2-tools< 5.7

🔴Vulnerability Details

1
OSV
CVE-2024-29039: tpm2 is the source repository for the Trusted Platform Module (TPM22024-06-28

📋Vendor Advisories

3
Microsoft
Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state2024-06-11
Red Hat
tpm2-tools: pcr selection value is not compared with the attest2024-04-30
Debian
CVE-2024-29039: tpm2-tools - tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. Th...2024