Main Vulnerability Database SB2024052815

SB2024052815 - SUSE update for tpm2-0-tss

Published: May 28, 2024

Security Bulletin ID SB2024052815

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2024-29040)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing checks for the magic number. A local user can generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20241605-1/

Vulnerable Software

openSUSE Leap: 15.3
libtss2-tcti-device0-64bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-esys0-32bit: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0-32bit: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0-32bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-sys0-32bit: before 2.4.5-150300.3.9.1
libtss2-sys0-32bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-mu0-32bit: before 2.4.5-150300.3.9.1
libtss2-esys0-32bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-mu0-32bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tcti-device0-32bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tcti-device0-32bit: before 2.4.5-150300.3.9.1
libtss2-esys0-64bit: before 2.4.5-150300.3.9.1
libtss2-mu0-64bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-esys0-64bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-mu0-64bit: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0-64bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-sys0-64bit-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0-64bit: before 2.4.5-150300.3.9.1
libtss2-tcti-device0-64bit: before 2.4.5-150300.3.9.1
libtss2-sys0-64bit: before 2.4.5-150300.3.9.1
libtss2-rc0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-esys0: before 2.4.5-150300.3.9.1
libtss2-tcti-device0-debuginfo: before 2.4.5-150300.3.9.1
tpm2-0-tss-debugsource: before 2.4.5-150300.3.9.1
libtss2-fapi0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-sys0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tctildr0-debuginfo: before 2.4.5-150300.3.9.1
tpm2-0-tss-devel: before 2.4.5-150300.3.9.1
tpm2-0-tss: before 2.4.5-150300.3.9.1
libtss2-rc0: before 2.4.5-150300.3.9.1
libtss2-sys0: before 2.4.5-150300.3.9.1
libtss2-esys0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0: before 2.4.5-150300.3.9.1
libtss2-tcti-device0: before 2.4.5-150300.3.9.1
libtss2-mu0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-tcti-mssim0-debuginfo: before 2.4.5-150300.3.9.1
libtss2-fapi0: before 2.4.5-150300.3.9.1
libtss2-tctildr0: before 2.4.5-150300.3.9.1
libtss2-mu0: before 2.4.5-150300.3.9.1

SB2024052815 - SUSE update for tpm2-0-tss

Breakdown by Severity

Description

Remediation

References

Please verify you're human