{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29038", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-14T16:59:47.613Z", "datePublished": "2024-06-28T13:44:07.035Z", "dateUpdated": "2024-08-02T01:03:51.626Z"}, "containers": {"cna": {"title": "tpm2 does not detect if quote was not generated by TPM", "problemTypes": [{"descriptions": [{"cweId": "CWE-1283", "lang": "en", "description": "CWE-1283: Mutable Attestation or Measurement Reporting Data", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1390", "lang": "en", "description": "CWE-1390: Weak Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"}, {"name": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"}], "affected": [{"vendor": "tpm2-software", "product": "tpm2-tools", "versions": [{"version": ">= 4.1-rc0, < 5.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-28T13:44:07.035Z"}, "descriptions": [{"lang": "en", "value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."}], "source": {"advisory": "GHSA-5495-c38w-gr6f", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T14:26:41.987195Z", "id": "CVE-2024-29038", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:26:47.695Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.626Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"}, {"name": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-28T14:26:41.987195Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:26:45.577Z"}}], "cna": {"title": "tpm2 does not detect if quote was not generated by TPM", "source": {"advisory": "GHSA-5495-c38w-gr6f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "tpm2-software", "product": "tpm2-tools", "versions": [{"status": "affected", "version": ">= 4.1-rc0, < 5.7"}]}], "references": [{"url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "name": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "name": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1283", "description": "CWE-1283: Mutable Attestation or Measurement Reporting Data"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1390", "description": "CWE-1390: Weak Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-28T13:44:07.035Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29038", "state": "PUBLISHED", "dateUpdated": "2024-06-28T14:26:47.695Z", "dateReserved": "2024-03-14T16:59:47.613Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-28T13:44:07.035Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "0071BA44-2C6B-4556-8C61-C890D3298FEF", "versionEndExcluding": "5.5.1", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C859A9A-D6EF-4BA1-B42E-8A2E2EB98181", "versionEndExcluding": "5.7", "versionStartExcluding": "5.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."}, {"lang": "es", "value": "tpm2-tools es el repositorio de origen de las herramientas del M\u00f3dulo de plataforma segura (TPM2.0). Un atacante malintencionado puede generar datos de cotizaciones arbitrarios que no son detectados por \"tpm2 checkquote\". Este problema se solucion\u00f3 en la versi\u00f3n 5.7."}], "id": "CVE-2024-29038", "lastModified": "2025-10-22T20:39:37.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-28T14:15:03.033", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1283"}, {"lang": "en", "value": "CWE-1390"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9424", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tpm2-tools-0:5.2-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9424", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "tpm2-tools-0:5.2-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote", "id": "2278071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278071"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.", "A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote."], "name": "CVE-2024-29038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "tpm2-tools", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "tpm2-tools", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "tpm2-tools", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-04-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-29038\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-29038"], "threat_severity": "Low"}