AZL-43015

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43015.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-43015

Upstream

CVE-2024-29039

Published

2024-06-28T16:15:03Z

Modified

2026-04-21T04:30:51.127631Z

Summary

CVE-2024-29039 affecting package tpm2-tools for versions less than 5.5.1-1

Details

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29039

Affected packages

Azure Linux:3 / tpm2-tools

Package

Name: tpm2-tools
Purl: pkg:rpm/azure-linux/tpm2-tools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43015.json"