Medium severity4.3NVD Advisory· Published Jun 28, 2024· Updated Jun 17, 2026
CVE-2024-29038
CVE-2024-29038
Description
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- Range: <5.7
- osv-coords12 versionspkg:rpm/almalinux/tpm2-toolspkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Tumbleweedpkg:rpm/suse/efivar&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/tpm2-0-tss&distro=SUSE%20Linux%20Micro%206.0
< 5.2-4.el9+ 11 more
- (no CPE)range: < 5.2-4.el9
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.7-1.1
- (no CPE)range: < 38-3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.7-1.1
- (no CPE)range: < 4.1.0-1.1
- Range: >= 4.1-rc0, < 5.7
Patches
Vulnerability mechanics
References
4- github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6fnvdExploitVendor Advisory
- github.com/tpm2-software/tpm2-tools/releases/tag/5.7nvdRelease Notes
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/nvd
News mentions
0No linked articles in our index yet.