CVE-2024-29040Deserialization of Untrusted Data in Tpm2-tss

CWE-502Deserialization of Untrusted DataCWE-20Improper Input Validation7 documents6 sources
Severity
4.3MEDIUMNVD
OSV6.4
EPSS
0.1%
top 79.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Tpm2-software Tpm2-tssDebian Tpm2-tssMsrc Azl3 Tpm2-tss 4.0.2-1 ON Azure Linux 3.0+3 more
Timeline
PublishedJun 28

Description

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages8 packages

CVEListV5tpm2-software/tpm2-tss< 4.1.0
Debiantpm2-software/tpm2-tss< 4.1.0-1+1
Ubuntutpm2-software/tpm2-tss< 2.3.2-1ubuntu0.20.04.2+2
debiandebian/tpm2-tss< tpm2-tss 4.1.0-1 (forky)

🔴Vulnerability Details

2
OSV
CVE-2024-29040: This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS)2024-06-28
OSV
tpm2-tss vulnerabilities2024-05-29

📋Vendor Advisories

4
Microsoft
Fapi Verify Quote: Does not detect if quote was not generated by TPM2024-06-11
Ubuntu
TPM2 Software Stack vulnerabilities2024-05-29
Red Hat
tpm2-tss: arbitrary quote data may go undetected by Fapi_VerifyQuote2024-04-30
Debian
CVE-2024-29040: tpm2-tss - This repository hosts source code implementing the Trusted Computing Group's (TC...2024