Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-29040

Опубликовано: 28 июн. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.3

Описание

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

РелизСтатусПримечание
devel

released

4.1.0-1ubuntu1
esm-apps/bionic

not-affected

code not present
esm-apps/xenial

not-affected

code not present
esm-infra/focal

not-affected

code not present
focal

not-affected

code not present
jammy

released

3.2.0-1ubuntu1.1
mantic

released

4.0.1-3ubuntu1.1
noble

released

4.0.1-7.1ubuntu5.1
oracular

released

4.1.0-1ubuntu1
plucky

released

4.1.0-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 13%
0.00043
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-29040

CVSS3: 4.4
redhat
около 1 года назад

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

nvd логотип

CVE-2024-29040

CVSS3: 4.3
nvd
12 месяцев назад

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

msrc логотип

CVE-2024-29040

CVSS3: 4.3
msrc
9 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-29040

CVSS3: 4.3
debian
12 месяцев назад

This repository hosts source code implementing the Trusted Computing G ...

suse-cvrf логотип

SUSE-SU-2024:1635-1

suse-cvrf
около 1 года назад

Security update for tpm2-0-tss

EPSS

Процентиль: 13%
0.00043
Низкий

4.3 Medium

CVSS3