Wind River Support Network

HomeDefectsLIN1024-335
Fixed

LIN1024-335 : Security Advisory - tpm2-tools - CVE-2024-29039

Created: Apr 29, 2024    Updated: Aug 28, 2024
Resolved Date: Jul 3, 2024
Found In Version: 10.24.33.1
Fix Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace

Description

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file.  As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

https://nvd.nist.gov/vuln/detail/CVE-2024-29039

CVEs


Live chat
Online