Critical severity9.0NVD Advisory· Published Jun 28, 2024· Updated Jun 17, 2026
CVE-2024-29039
CVE-2024-29039
Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords12 versionspkg:rpm/almalinux/tpm2-toolspkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Tumbleweedpkg:rpm/suse/efivar&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/tpm2.0-tools&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/tpm2-0-tss&distro=SUSE%20Linux%20Micro%206.0
< 5.2-4.el9+ 11 more
- (no CPE)range: < 5.2-4.el9
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.7-1.1
- (no CPE)range: < 38-3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.2-150400.6.3.1
- (no CPE)range: < 5.7-1.1
- (no CPE)range: < 4.1.0-1.1
- Range: < 5.7
Patches
Vulnerability mechanics
References
4- github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6nvdExploitMitigationVendor Advisory
- github.com/tpm2-software/tpm2-tools/releases/tag/5.7nvdRelease Notes
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/nvd
News mentions
0No linked articles in our index yet.