Unrated severityNVD Advisory· Published Jun 28, 2024· Updated Nov 4, 2025

tpm2 does not detect if quote was not generated by TPM

CVE-2024-29038

Description

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7.

Affected products

Tm Software/Tpm2 Toolsv5
Range: >= 4.1-rc0, < 5.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/tpm2-software/tpm2-tools/releases/tag/5.7mitrex_refsource_MISC
github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6fmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000