vulnerability
Oracle Linux: CVE-2024-29039: ELSA-2024-9424: tpm2-tools security update (LOW)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:N/I:P/A:N) | Apr 30, 2024 | Nov 21, 2024 | Dec 3, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:N)
Published
Apr 30, 2024
Added
Nov 21, 2024
Modified
Dec 3, 2025
Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
Solution
oracle-linux-upgrade-tpm2-tools
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.