Debian Tpm2-Tss vulnerabilities

CVE-2024-29040 [MEDIUM] CVE-2024-29040: tpm2-tss - This repository hosts source code implementing the Trusted Computing Group's (TC... This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state

CVE-2023-22745 [MEDIUM] CVE-2023-22745: tpm2-tss - tpm2-tss is an open source software implementation of the Trusted Computing Grou... tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, s

CVE-2020-24455 [MEDIUM] CVE-2020-24455: tpm2-tss - Missing initialization of a variable in the TPM2 source may allow a privileged u... Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. Scope: local bookworm: resolved (fixed in 3.0.1-1) bullseye: resolved (fixed in 3.0.1-1) forky: resolved (fixed in 3.0.1-1) sid: resolved (fixed in 3.0.1-1) trix