Advisories » MGASA-2024-0171

Updated tpm2-tss packages fix security vulnerabilities

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-29040

Description

A flaw was found in the tpm2-tss package, where there was no check that
the magic number in the attest is equal to the
TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary
quote data, which may not be detected by Fapi_VerifyQuote.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33176
• https://access.redhat.com/security/cve/CVE-2024-29040
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29040

SRPMS

9/core

• tpm2-tss-4.0.2-1.mga9