OESA-2024-1637
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1637
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1637.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-1637
- Upstream
- Published
- 2024-05-24T11:08:06Z
- Modified
- 2025-08-12T05:43:09.245170Z
- Summary
- tpm2-tss security update
- Details
-
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers.
Security Fix(es):
A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.(CVE-2024-29040)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4 / tpm2-tss
Package
- Name
- tpm2-tss
- Purl
- pkg:rpm/openEuler/tpm2-tss&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.3-3.oe2003sp4
Ecosystem specific
{
"aarch64": [
"tpm2-tss-devel-3.0.3-3.oe2003sp4.aarch64.rpm",
"tpm2-tss-debugsource-3.0.3-3.oe2003sp4.aarch64.rpm",
"tpm2-tss-debuginfo-3.0.3-3.oe2003sp4.aarch64.rpm",
"tpm2-tss-3.0.3-3.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"tpm2-tss-devel-3.0.3-3.oe2003sp4.x86_64.rpm",
"tpm2-tss-3.0.3-3.oe2003sp4.x86_64.rpm",
"tpm2-tss-debuginfo-3.0.3-3.oe2003sp4.x86_64.rpm",
"tpm2-tss-debugsource-3.0.3-3.oe2003sp4.x86_64.rpm"
],
"noarch": [
"tpm2-tss-help-3.0.3-3.oe2003sp4.noarch.rpm"
],
"src": [
"tpm2-tss-3.0.3-3.oe2003sp4.src.rpm"
]
}