update: tpm2-{tools,tss}
dongsupark opened this issue · comments
Name: tpm2-{tools,tss}
CVEs: CVE-2024-29038, CVE-2024-29039, CVE-2024-29040
CVSSs: 4.3, 9.0, 4.3
Action Needed: update tpm2-tools to >= 5.6.1, tpm2-tss to >= 4.0.2
Summary:
- CVE-2024-29038: tpm2_checkquote: Fix check of magic number. It was not checked whether the magic number in the attest is equal to TPM2_GENERATED_VALUE. So an malicious attacker could generate arbitrary quote data which was not detected by tpm2 checkquote.
- CVE-2024-29039: tpm2_checkquote: Add comparison of pcr selection. The pcr selection which is passed with the --pcr parameter it not compared with the attest. So it's possible to fake a valid
attestation. - CVE-2024-29040: FAPI: Fix check of magic number in verify quote. After deserializing the quote info it was not checked whether the magic number in the attest is equal TPM2_GENERATED_VALUE. So an malicious attacker could generate arbitrary quote data
which was not detected by Fapi_VerifyQuote. Now the number magic number is checket in verify quote and also in the deserialization of TPM2_GENERATED. The check is also added to the Unmarshal function for TPMS_ATTEST.
refmap.gentoo: CVE-2024-2903[89]: https://bugs.gentoo.org/931056, CVE-2024-29040: https://bugs.gentoo.org/931055
CVE-2024-29039 has a critical severity, CVSS 9.0.