CVE-2024-29038

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29038
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29038.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-29038
Related
Published
2024-06-28T14:15:03Z
Modified
2025-05-24T03:38:00.308923Z
Downstream
Summary
[none]
Details

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7.

References

Affected packages

Debian:11 / tpm2-tools

Package

Name
tpm2-tools
Purl
pkg:deb/debian/tpm2-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0-2
5.2-1
5.3-1
5.4-1
5.6-1
5.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / tpm2-tools

Package

Name
tpm2-tools
Purl
pkg:deb/debian/tpm2-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4-1
5.6-1
5.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / tpm2-tools

Package

Name
tpm2-tools
Purl
pkg:deb/debian/tpm2-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.7-1

Affected versions

5.*

5.4-1
5.6-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/tpm2-software/tpm2-tools

Affected ranges

Type
GIT
Repo
https://github.com/tpm2-software/tpm2-tools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c6e182cf690ca0022b77fe7d3c174659917a7e7e
Fixed
c6e182cf690ca0022b77fe7d3c174659917a7e7e

Affected versions

2.*

2.0.0
2.0.0-beta_0

3.*

3.0
3.0-rc0
3.0-rc1
3.0-rc2
3.0.1
3.0.2

4.*

4.0
4.0-rc0
4.0-rc1
4.0-rc2
4.1
4.1-rc0
4.1-rc1
4.1.1
4.1.1-RC0
4.1.1-RC1
4.1.2
4.1.2-rc0
4.1.3
4.1.3-rc0
4.2
4.2-RC0
4.2-rc1
4.2.1
4.2.1-rc0
4.2.1-rc1
4.3.0
4.3.0-rc0
4.3.0-rc1

5.*

5.0
5.0-rc0
5.1
5.1-rc0
5.1-rc1
5.1.1
5.1.1-rc0
5.2
5.2-rc0
5.3
5.3-rc0
5.3-rc1
5.4
5.4-rc0
5.5
5.5-rc0
5.5-rc1
5.6
5.6-rc0
5.7-rc0
5.7-rc1

Other

ajay-kish-pub

v1.*

v1.0.0
v1.0.1
v1.1-beta_0
v1.1-beta_1
v1.1.0