Bugzilla – Bug 1223690
VUL-0: CVE-2024-29040: tpm2-0-tss: arbitrary quote data may go undetected by Fapi_VerifyQuote
Last modified: 2024-05-27 18:18:58 UTC
After deserializing the quote info it was not checked whether the magic number in the attest is equal TPM2_GENERATED_VALUE. So a malicious attacker could generate arbitrary quote data which was not detected by Fapi_VerifyQuote. Now the number magic number is checked in verify quote and also in the deserialization of TPM2_GENERATED. The check is also added to the Unmarshal function for TPMS_ATTEST. Reference: https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077
The FAPI library is not yet present in the following codestreams: - SUSE:SLE-12-SP3:Update - SUSE:SLE-12-SP5:Update - SUSE:SLE-15:Update I submitted updates for: - SUSE:SLE-15-SP3:Update - SUSE:SLE-15-SP4:Update - SUSE:SLE-15-SP6:Update The Factory package has been bumped to version 4.1 containing the fixes. Once the Factory submission has been accepted, I will forward this package to SUSE:ALP:Source:Standard:1.0, which is also affected.
This is an autogenerated message for OBS integration: This bug (1223690) was mentioned in https://build.opensuse.org/request/show/1172147 Factory / tpm2-0-tss
SUSE-SU-2024:1605-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1223690 CVE References: CVE-2024-29040 Maintenance Incident: [SUSE:Maintenance:33670](https://smelt.suse.de/incident/33670/) Sources used: openSUSE Leap 15.3 (src): tpm2-0-tss-2.4.5-150300.3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1635-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1223690 CVE References: CVE-2024-29040 Maintenance Incident: [SUSE:Maintenance:33671](https://smelt.suse.de/incident/33671/) Sources used: openSUSE Leap 15.4 (src): tpm2-0-tss-3.1.0-150400.3.6.1 openSUSE Leap Micro 5.3 (src): tpm2-0-tss-3.1.0-150400.3.6.1 openSUSE Leap Micro 5.4 (src): tpm2-0-tss-3.1.0-150400.3.6.1 openSUSE Leap 15.5 (src): tpm2-0-tss-3.1.0-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): tpm2-0-tss-3.1.0-150400.3.6.1 SUSE Linux Enterprise Micro 5.3 (src): tpm2-0-tss-3.1.0-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): tpm2-0-tss-3.1.0-150400.3.6.1 SUSE Linux Enterprise Micro 5.4 (src): tpm2-0-tss-3.1.0-150400.3.6.1 SUSE Linux Enterprise Micro 5.5 (src): tpm2-0-tss-3.1.0-150400.3.6.1 Basesystem Module 15-SP5 (src): tpm2-0-tss-3.1.0-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.