rpm package
opensuse/tpm2.0-tools&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/tpm2.0-tools&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29039 | — | < 5.7-1.1 | 5.7-1.1 | Jun 28, 2024 | tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and ba | ||
| CVE-2024-29038 | — | < 5.7-1.1 | 5.7-1.1 | Jun 28, 2024 | tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. | ||
| CVE-2021-3565 | — | < 5.1.1-3.2 | 5.1.1-3.2 | Jun 4, 2021 | A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to d | ||
| CVE-2017-7524 | Hig | 7.5 | < 5.1.1-3.2 | 5.1.1-3.2 | Jun 27, 2017 | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. |
- CVE-2024-29039Jun 28, 2024affected < 5.7-1.1fixed 5.7-1.1
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and ba
- CVE-2024-29038Jun 28, 2024affected < 5.7-1.1fixed 5.7-1.1
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
- CVE-2021-3565Jun 4, 2021affected < 5.1.1-3.2fixed 5.1.1-3.2
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to d
- affected < 5.1.1-3.2fixed 5.1.1-3.2
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.