CVE-2024-29039

Published: Jun 28, 2024Modified: Nov 4, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

Affected (1)

Products: Tpm2 Tools Project: Tpm2 Tools

Tpm2 Tools Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tpm2 Tools Project Tpm2 Tools	Before 5.7

Related CWEs

Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

References (6)

https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7

Source: security-advisories@github.com

Release Notes

https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.