CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by `Fapi_Quote` has to be deserialized by `Fapi_VerifyQuote` into the TPM structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure, any number can be used in the JSON structure. The verifier can therefore receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or use services it shouldn't be able to. This issue has been patched in version 4.1.0.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| GitHub_M | CNA | 4.3 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

Awaiting analysis
This vulnerability is currently awaiting analysis.

EPSS Score percentile: 20%

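Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| tpm2-tss | bullseye | | no-dsa |
| tpm2-tss | bookworm | | no-dsa |
| tpm2-tss | buster | | postponed |
| tpm2-tss | sid | 4.1.3-1.2 | fixed |
| tpm2-tss | trixie | 4.1.3-1.2 | fixed |
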
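Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| tpm2-tss | plucky | Fixed 4.1.0-1ubuntu1 | released |
| tpm2-tss | oracular | Fixed 4.1.0-1ubuntu1 | released |
| tpm2-tss | noble | Fixed 4.0.1-7.1ubuntu5.1 | released |
| tpm2-tss | mantic | Fixed 4.0.1-3ubuntu1.1 | released |
| tpm2-tss | jammy | Fixed 3.2.0-1ubuntu1.1 | released |
| tpm2-tss | focal | | not-affected |
| tpm2-tss | bionic | | not-affected |
| tpm2-tss | xenial | | not-affected |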