CVE-2024-29040

Published: 30 Apr 2024
Source: redhat
CVSS3: 4.4
EPSS: Low

Description

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Report

This vulnerability is rated as moderate because it allows an attacker to generate arbitrary quote data, potentially bypassing Fapi_VerifyQuote detection, but it requires specific conditions to be exploited.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tpm2-tss | Not affected | | |
| Red Hat Enterprise Linux 7 | tpm2-tss | Out of support scope | | |
| Red Hat Enterprise Linux 8 | tpm2-tss | Not affected | | |
| Red Hat Enterprise Linux 9 | tpm2-tss | Affected | | |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2278077
tpm2-tss: arbitrary quote data may go undetected by Fapi_VerifyQuote

EPSS

Percentile: 22%
0.00071
Low

CVSS3: 4.4 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
almost 2 years ago

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

CVSS3: 4.3
nvd
almost 2 years ago

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

CVSS3: 4.3
msrc
more than 1 year ago

No description available

CVSS3: 4.3
debian
almost 2 years ago

This repository hosts source code implementing the Trusted Computing G ...

suse-cvrf
almost 2 years ago

Security update for tpm2-0-tss
