vulnerability
Oracle Linux: CVE-2024-29039: ELSA-2024-9424: tpm2-tools security update (LOW)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:N/I:P/A:N) | Apr 30, 2024 | Nov 21, 2024 | Dec 3, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:N)
Published
Apr 30, 2024
Added
Nov 21, 2024
Modified
Dec 3, 2025
Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
A flaw was found in tpm2-tools. The PCR selection, which is passed with the --pcr parameter, is not compared with the attest, making it possible for an attacker to fake a valid attestation.
Solution
oracle-linux-upgrade-tpm2-tools
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.