Описание
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7.
A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tpm2-tools | Not affected | ||
| Red Hat Enterprise Linux 7 | tpm2-tools | Out of support scope | ||
| Red Hat Enterprise Linux 8 | tpm2-tools | Fix deferred | ||
| Red Hat Enterprise Linux 9 | tpm2-tools | Fixed | RHSA-2024:9424 | 12.11.2024 |
| Red Hat Enterprise Linux 9 | tpm2-tools | Fixed | RHSA-2024:9424 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module (T ...
EPSS
4.4 Medium
CVSS3