Tpm2-Software Tpm2-Tss vulnerabilities

3 known vulnerabilities affecting tpm2-software/tpm2-tss.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3

Vulnerabilities

CVE-2024-29040 | MEDIUM | CVSS 4.3 | fixed in 4.1.0 | 2024-06-28
CVE-2024-29040 [MEDIUM] CWE-502: This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can r
Sources: nvd, osv

CVE-2023-22745 | MEDIUM | CVSS 6.4 | fixed in 4.0.1 | fixed in 3.2.2-rc0 | 2023-01-19
CVE-2023-22745 [MEDIUM] CWE-120: tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COU
Sources: nvd, osv

CVE-2020-24455 | MEDIUM | CVSS 6.7 | ≥ 0, < 3.0.1-1 | 2021-02-26
CVE-2020-24455 [MEDIUM]: Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
Sources: osv