PT-2024-4042 · Unknown+6 · Tpm2 Software Stack+6

Akorb · Published 2024-04-30 · Updated 2025-03-18 · CVE-2024-29040

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions
TPM2 Software Stack versions prior to 4.1.0

Description
The issue is related to the TPM2_GENERATED_VALUE() function in the TCG TPM2 Software Stack implementation. It lacks a check to ensure that the magic number in the attest structure matches TPM2_GENERATED_VALUE. This allows an attacker to generate arbitrary quote data that may not be detected by Fapi_VerifyQuote. The verifier can receive a state that does not represent the actual state of the device under test, potentially granting malicious devices access to unauthorized data or services.

Recommendations
For versions prior to 4.1.0, update to version 4.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the TPMS_ATTEST structure and the Fapi_Quote and Fapi_VerifyQuote functions to minimize the risk of exploitation. Avoid using arbitrary numbers in the TPM2_GENERATED magic field of the JSON structure until the issue is resolved.
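
The check the description says is missing, written out as an added example (not code from tpm2-tss or from this advisory): a verifier-side routine that rejects a marshaled TPMS_ATTEST unless its magic equals TPM2_GENERATED_VALUE and its type is a quote and, going slightly beyond the advisory, unless its extraData matches the verifier's nonce. The function name, return codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the TCG TPM 2.0 specification. */
#define TPM2_GENERATED_VALUE 0xff544347u /* bytes 0xFF 'T' 'C' 'G' */
#define TPM2_ST_ATTEST_QUOTE 0x8018u

enum attest_rc { ATTEST_OK, ATTEST_TRUNCATED, ATTEST_BAD_MAGIC,
                 ATTEST_NOT_QUOTE, ATTEST_BAD_NONCE };

static uint32_t rd_be(const uint8_t *p, size_t n) { /* n-byte big-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Hypothetical helper (not a tpm2-tss API): checks the head of a marshaled
 * TPMS_ATTEST: magic, type, then skips qualifiedSigner (TPM2B_NAME) and
 * compares extraData (TPM2B_DATA) with the nonce the verifier issued. */
enum attest_rc check_quote_attest(const uint8_t *buf, size_t len,
                                  const uint8_t *nonce, size_t nonce_len) {
    size_t off = 6, n;
    if (buf == NULL || nonce == NULL || len < off) return ATTEST_TRUNCATED;
    if (rd_be(buf, 4) != TPM2_GENERATED_VALUE) return ATTEST_BAD_MAGIC;
    if (rd_be(buf + 4, 2) != TPM2_ST_ATTEST_QUOTE) return ATTEST_NOT_QUOTE;
    if (len - off < 2) return ATTEST_TRUNCATED;
    n = rd_be(buf + off, 2); off += 2;          /* qualifiedSigner.size */
    if (len - off < n) return ATTEST_TRUNCATED;
    off += n;
    if (len - off < 2) return ATTEST_TRUNCATED;
    n = rd_be(buf + off, 2); off += 2;          /* extraData.size */
    if (len - off < n) return ATTEST_TRUNCATED;
    if (n != nonce_len || memcmp(buf + off, nonce, n) != 0) return ATTEST_BAD_NONCE;
    return ATTEST_OK;
}

int main(void) {
    /* Constructed sample: magic, type, 2-byte signer name, 4-byte nonce. */
    uint8_t a[] = {0xff, 'T', 'C', 'G', 0x80, 0x18, 0, 2, 0xaa, 0xbb, 0, 4, 1, 2, 3, 4};
    const uint8_t nonce[] = {1, 2, 3, 4};
    printf("genuine header: %d\n", check_quote_attest(a, sizeof a, nonce, sizeof nonce));
    a[0] = 0x00; /* magic no longer equals TPM2_GENERATED_VALUE */
    printf("altered magic:  %d\n", check_quote_attest(a, sizeof a, nonce, sizeof nonce));
    return 0;
}
```

The check only means something when it is applied to the exact bytes the quote signature was verified over.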

Exploit

Fix

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2024-7425
AZL-42978
AZL-42985
BDU:2024-04481
CVE-2024-29040
GHSA-837M-JW3M-H9P6
MGASA-2024-0171
OESA-2024-1613
OESA-2024-1637
OESA-2024-1638
OPENSUSE-SU-2024:13933-1
OPENSUSE-SU-2024_1605-1
OPENSUSE-SU-2024_1635-1
SUSE-SU-2024:1605-1
SUSE-SU-2024:1635-1
SUSE-SU-2024:1635-2
SUSE-SU-2024_1635-1
SUSE-SU-2025:20151-1
USN-6796-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Tpm2 Software Stack
Ubuntu