Clauverjat

**Name of the Vulnerable Software and Affected Versions** tpm2-tools versions prior to 5.7 **Description** The issue allows a malicious attacker to generate arbitrary quote data that is not detected by `tpm2 checkquote`. This is related to the Trusted Platform Module (TPM2.0) tools. **Recommendations** For versions prior to 5.7, update to version 5.7 to resolve the issue. As a temporary workaround, consider restricting the use of the `tpm2 checkquote` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** tpm2 versions prior to 5.7 **Description** This issue allows attackers to manipulate tpm2 checkquote outputs by altering the `TPML PCR SELECTION` in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. **Recommendations** For versions prior to 5.7, update to version 5.7 to resolve the issue. As a temporary workaround, consider restricting access to the PCR input file to prevent manipulation of the `TPML PCR SELECTION`.