vulnerability
Amazon Linux 2023: CVE-2024-29039: Medium priority package update for tpm2-tools
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:N/I:P/A:N) | Apr 30, 2024 | Feb 17, 2025 | Jul 7, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:N)
Published
Apr 30, 2024
Added
Feb 17, 2025
Modified
Jul 7, 2025
Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
Solutions
amazon-linux-2023-upgrade-tpm2-toolsamazon-linux-2023-upgrade-tpm2-tools-debuginfoamazon-linux-2023-upgrade-tpm2-tools-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.