#VU96645 Reliance on Untrusted Inputs in a Security Decision in tpm2-tools - CVE-2024-29039


Vulnerability identifier: #VU96645

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-29039

CWE-ID: CWE-807

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
tpm2-tools
Other software / Other software solutions

Vendor: Linux TPM2 & TSS2 Software

Description

The vulnerability allows a local user to manipulate the TMP state.

The vulnerability exists due to insufficient validation of PCR input. A local user can alter TPML_PCR_SELECTION and manipulate the TMP state.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

tpm2-tools: 5.0, 5.1 - 5.1.1, 5.2, 5.3, 5.4, 5.5, 5.6

External links
https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6
https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 9 update for tpm2-tools
openEuler 22.03 LTS SP1 update for tpm2-tools
openEuler 20.03 LTS SP4 update for tpm2-tools
openEuler 22.03 LTS SP3 update for tpm2-tools
Fedora 40 update for tpm2-tools, tpm2-tss
Fedora 39 update for tpm2-tools, tpm2-tss
Fedora 38 update for tpm2-tools, tpm2-tss
SUSE update for tpm2.0-tools
Multiple vulnerabilities in Trusted Platform Module (TPM2.0) tools