4.3
CVE-2024-29038
- EPSS 0.11%
- Veröffentlicht 28.06.2024 14:15:03
- Zuletzt bearbeitet 04.11.2025 18:16:17
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Logintpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tpm2-tools Project ≫ Tpm2-tools Version >= 4.1 < 5.5.1
Tpm2-tools Project ≫ Tpm2-tools Version > 5.6.1 < 5.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.296 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 4.3 | 2.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
CWE-1283 Mutable Attestation or Measurement Reporting Data
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.