Tpm2-Tools Project Tpm2-Tools vulnerabilities

CVE-2024-29039 [HIGH] CWE-807 CVE-2024-29039: tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability all tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been

CVE-2024-29038 [LOW] CWE-1283 CVE-2024-29038: tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious atta tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.

CVE-2021-3565 [MEDIUM] CWE-665 CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed A A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

CVE-2017-7524 [HIGH] CVE-2017-7524: tpm2-tools versions before 1 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.