Ubuntu update for tpm2-tss
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-22745 CVE-2024-29040 |
| CWE-ID | CWE-119 CWE-345 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libtss2-esys0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tctildr0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-swtpm0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-spi-helper0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-pcap0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-mssim0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-libtpms0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-device0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-cmd0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-sys1 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-rc0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-policy0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-mu0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-fapi1 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-esys-3.0.2-0 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tctildr0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-swtpm0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-spi-helper0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-pcap0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-mssim0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-libtpms0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-device0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-tcti-cmd0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-sys1t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-rc0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-policy0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-mu-4.0.1-0t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-fapi1t64 (Ubuntu package) Operating systems & Components / Operating system package or component libtss2-esys-3.0.2-0t64 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU71458
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-22745
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "Tss2_RC_SetHandler" and "Tss2_RC_Decode". A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package tpm2-tss to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.04
libtss2-esys0 (Ubuntu package): before 2.3.2-1ubuntu0.20.04.2
libtss2-tctildr0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-swtpm0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-spi-helper0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-pcap0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-mssim0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-libtpms0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-device0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-cmd0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-sys1 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-rc0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-policy0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-mu0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-fapi1 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-esys-3.0.2-0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tctildr0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-swtpm0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-spi-helper0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-pcap0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-mssim0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-libtpms0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-device0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-cmd0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-sys1t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-rc0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-policy0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-mu-4.0.1-0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-fapi1t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-esys-3.0.2-0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:23.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libtss2-esys0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tctildr0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-swtpm0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-spi-helper0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-pcap0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-mssim0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-libtpms0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-device0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-cmd0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-sys1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-rc0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-policy0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-mu0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-fapi1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-esys-3.0.2-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tctildr0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-swtpm0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-spi-helper0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-pcap0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-mssim0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-libtpms0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-device0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-cmd0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-sys1t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-rc0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-policy0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-mu-4.0.1-0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-fapi1t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-esys-3.0.2-0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6796-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient verification of data authenticity
EUVDB-ID: #VU89838
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-29040
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing checks for the magic number. A local user can generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.
MitigationUpdate the affected package tpm2-tss to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.04
libtss2-esys0 (Ubuntu package): before 2.3.2-1ubuntu0.20.04.2
libtss2-tctildr0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-swtpm0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-spi-helper0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-pcap0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-mssim0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-libtpms0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-tcti-device0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tcti-cmd0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-sys1 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-rc0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-policy0 (Ubuntu package): before 4.0.1-3ubuntu1.1
libtss2-mu0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-fapi1 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-esys-3.0.2-0 (Ubuntu package): before 3.2.0-1ubuntu1.1
libtss2-tctildr0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-swtpm0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-spi-helper0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-pcap0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-mssim0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-libtpms0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-device0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-tcti-cmd0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-sys1t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-rc0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-policy0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-mu-4.0.1-0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-fapi1t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
libtss2-esys-3.0.2-0t64 (Ubuntu package): before 4.0.1-7.1ubuntu5.1
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:23.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libtss2-esys0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tctildr0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-swtpm0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-spi-helper0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-pcap0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-mssim0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-libtpms0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-device0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-cmd0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-sys1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-rc0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-policy0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-mu0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-fapi1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-esys-3.0.2-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tctildr0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-swtpm0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-spi-helper0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-pcap0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-mssim0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-libtpms0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-device0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-tcti-cmd0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-sys1t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-rc0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-policy0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-mu-4.0.1-0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-fapi1t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libtss2-esys-3.0.2-0t64_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6796-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
