OESA-2024-1613

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1613
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1613.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-1613
Upstream
Published
2024-05-17T11:08:03Z
Modified
2025-09-03T06:20:11.727934Z
Summary
tpm2-tss security update
Details

tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers.

Security Fix(es):

A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.(CVE-2024-29040)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / tpm2-tss

Package

Name
tpm2-tss
Purl
pkg:rpm/openEuler/tpm2-tss&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.3-3.oe1

Ecosystem specific 

{
    "src": [
        "tpm2-tss-3.0.3-3.oe1.src.rpm"
    ],
    "aarch64": [
        "tpm2-tss-3.0.3-3.oe1.aarch64.rpm",
        "tpm2-tss-debuginfo-3.0.3-3.oe1.aarch64.rpm",
        "tpm2-tss-debugsource-3.0.3-3.oe1.aarch64.rpm",
        "tpm2-tss-devel-3.0.3-3.oe1.aarch64.rpm"
    ],
    "noarch": [
        "tpm2-tss-help-3.0.3-3.oe1.noarch.rpm"
    ],
    "x86_64": [
        "tpm2-tss-debugsource-3.0.3-3.oe1.x86_64.rpm",
        "tpm2-tss-3.0.3-3.oe1.x86_64.rpm",
        "tpm2-tss-debuginfo-3.0.3-3.oe1.x86_64.rpm",
        "tpm2-tss-devel-3.0.3-3.oe1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS / tpm2-tss

Package

Name
tpm2-tss
Purl
pkg:rpm/openEuler/tpm2-tss&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0-5.oe2203sp3

Ecosystem specific 

{
    "src": [
        "tpm2-tss-3.1.0-5.oe2203.src.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp2.src.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "tpm2-tss-debuginfo-3.1.0-5.oe2203.aarch64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203.aarch64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203.aarch64.rpm",
        "tpm2-tss-3.1.0-5.oe2203.aarch64.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp3.aarch64.rpm"
    ],
    "noarch": [
        "tpm2-tss-help-3.1.0-5.oe2203.noarch.rpm",
        "tpm2-tss-help-3.1.0-5.oe2203sp2.noarch.rpm",
        "tpm2-tss-help-3.1.0-5.oe2203sp3.noarch.rpm"
    ],
    "x86_64": [
        "tpm2-tss-3.1.0-5.oe2203.x86_64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203.x86_64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203.x86_64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203.x86_64.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp3.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / tpm2-tss

Package

Name
tpm2-tss
Purl
pkg:rpm/openEuler/tpm2-tss&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0-5.oe2203sp2

Ecosystem specific 

{
    "src": [
        "tpm2-tss-3.1.0-5.oe2203sp2.src.rpm"
    ],
    "aarch64": [
        "tpm2-tss-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp2.aarch64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp2.aarch64.rpm"
    ],
    "noarch": [
        "tpm2-tss-help-3.1.0-5.oe2203sp2.noarch.rpm"
    ],
    "x86_64": [
        "tpm2-tss-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp2.x86_64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp2.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / tpm2-tss

Package

Name
tpm2-tss
Purl
pkg:rpm/openEuler/tpm2-tss&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0-5.oe2203sp3

Ecosystem specific 

{
    "src": [
        "tpm2-tss-3.1.0-5.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "tpm2-tss-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp3.aarch64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp3.aarch64.rpm"
    ],
    "noarch": [
        "tpm2-tss-help-3.1.0-5.oe2203sp3.noarch.rpm"
    ],
    "x86_64": [
        "tpm2-tss-debugsource-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-debuginfo-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-devel-3.1.0-5.oe2203sp3.x86_64.rpm",
        "tpm2-tss-3.1.0-5.oe2203sp3.x86_64.rpm"
    ]
}