PT-2024-22690 · Unknown+6 · Tpm2-Tools+6

Akorb

Published

2024-04-30

Updated

2025-10-22

CVE-2024-29038

CVSS v3.1

4.3

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions tpm2-tools versions prior to 5.7

Description The issue allows a malicious attacker to generate arbitrary quote data that is not detected by tpm2 checkquote. This is related to the Trusted Platform Module (TPM2.0) tools.

Recommendations For versions prior to 5.7, update to version 5.7 to resolve the issue. As a temporary workaround, consider restricting the use of the tpm2 checkquote function until the update is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1390CWE-1283

Related Identifiers

ALSA-2024:9424

ALSA-2024_9424

ALT-PU-2024-7427

AZL-43018

BDU:2025-16173

CVE-2024-29038

GHSA-5495-C38W-GR6F

INFSA-2024_9424

MGASA-2024-0170

OESA-2024-2081

OESA-2024-2082

OESA-2024-2083

OPENSUSE-SU-2024:13926-1

OPENSUSE-SU-2024_1636-1

RHSA-2024:9424

RHSA-2024_9424

RLSA-2024:9424

SUSE-SU-2024:1636-1

SUSE-SU-2024:1636-2

SUSE-SU-2024_1636-1

SUSE-SU-2025:20151-1

Affected Products

Alt Linux

Almalinux

Debian

Red Hat

Rocky Linux

Suse

Tpm2-Tools

PT-2024-22690 · Unknown+6 · Tpm2-Tools+6

CVE-2024-29038

Weakness Enumeration

Related Identifiers

Affected Products

References · 54