#VU89838 Insufficient verification of data authenticity in tpm2-tss - CVE-2024-29040

Cybersecurity Help s.r.o.

Published: 2024-05-28

Vulnerability identifier: #VU89838

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-29040

CWE-ID: CWE-345

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
tpm2-tss
Other software / Other software solutions

Vendor: Linux TPM2 & TSS2 Software

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing checks for the magic number. A local user can generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

tpm2-tss: 3.0.0 - 4.0.1

External links
https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for tpm2-tss

Fedora 40 update for tpm2-tools, tpm2-tss

Fedora 39 update for tpm2-tools, tpm2-tss

Fedora 38 update for tpm2-tools, tpm2-tss

Ubuntu update for tpm2-tss

SUSE update for tpm2-0-tss

openEuler 22.03 LTS SP1 update for tpm2-tss

openEuler 20.03 LTS SP4 update for tpm2-tss

openEuler update for tpm2-tss