CVE-2024-29040

MEDIUM

TSS - Info Disclosure

Title source: llm

Description

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

References (4)

[Vendor Advisory] https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6

[Release Notes] https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Classification

CWE

CWE-502

Status draft

Timeline

Published Jun 28, 2024

Tracked Since Feb 18, 2026