发布于3月6日3月6日 Members Red Hat: CVE-2024-29039: tpm2-tools: pcr selection value is not compared with the attest (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 06/28/2024 Created 11/14/2024 Added 11/13/2024 Modified 11/13/2024 Description tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file.As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7. Solution(s) redhat-upgrade-tpm2-tools redhat-upgrade-tpm2-tools-debuginfo redhat-upgrade-tpm2-tools-debugsource References CVE-2024-29039 RHSA-2024:9424
