CVE-2024-29039
CRITICALDescription
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
Is your site exposed to CVE-2024-29039?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| tpm2-tools_project | tpm2-tools |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2024-29039? +
How severe is CVE-2024-29039? +
What products are affected by CVE-2024-29039? +
How do I check if I'm vulnerable to CVE-2024-29039? +
Related Vulnerabilities
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge …
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to …
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. …
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve …
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally …