发布于3月6日3月6日 Members Alma Linux: CVE-2024-29039: Low: tpm2-tools security update (ALSA-2024-9424) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/28/2024 Created 11/21/2024 Added 11/19/2024 Modified 11/19/2024 Description tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file.As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7. Solution(s) alma-upgrade-tpm2-tools References https://attackerkb.com/topics/cve-2024-29039 CVE - 2024-29039 https://errata.almalinux.org/9/ALSA-2024-9424.html
