Описание
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | tpm2-tools | Out of support scope | ||
| Red Hat Enterprise Linux 8 | tpm2-tools | Fix deferred | ||
| Red Hat Enterprise Linux 9 | tpm2-tools | Fixed | RHSA-2024:9424 | 12.11.2024 |
| Red Hat Enterprise Linux 9 | tpm2-tools | Fixed | RHSA-2024:9424 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) ...
EPSS
3.3 Low
CVSS3