Debian Tpm2-Tools vulnerabilities

CVE-2024-29039 [CRITICAL] CVE-2024-29039: tpm2-tools - tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. Th... tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched

CVE-2024-29038 [MEDIUM] CVE-2024-29038: tpm2-tools - tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) too... tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 5.7-1) sid: resolved (fixed in 5.7-1) trixie: resolved (fixed in 5.7-1)

CVE-2021-3565 [MEDIUM] CVE-2021-3565: tpm2-tools - A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_i... A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. Scope: local bookworm: resolved (fixed in 5.0-2) bullseye: resol

CVE-2017-7524 [HIGH] CVE-2017-7524: tpm2-tools - tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transm... tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. Scope: local bookworm: resolved (fixed in 2.1.0-1) bullseye: resolved (fixed in 2.1.0-1) forky: resolved (fixed in 2.1.0-1) sid: resolved (fixed in 2.1.0-1) trixie: resolved (fixed in 2.1.0-1)