VDB
GCVE-110-MAGEIA-2024-170
GCVE-110-MAGEIA-2024-170
Advisory Published
A flaw was found in the tpm2-tools package. This issue occurs due to a
missing check whether the magic number in attest is equal to
TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary
quote data that may not be detected by tpm2_checkquote (CVE-2024-29038).
The pcr selection which is passed with the --pcr parameter is not
compared with the attest. So it is possible to fake a valid attestation
(CVE-2024-29039).
A vulnerability classified as problematic was found in tpm2-tools. This
vulnerability affects an unknown code of the file
tools/misc/tpm2_checkquote.c of the component pcr Selection Value
Handler. The manipulation with an unknown input leads to a comparison
vulnerability. The product compares two entities in a security-relevant
context, but the comparison is incorrect, which may lead to resultant
weaknesses.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tpm2-tools | 0 (affected), 5.5.1-1.mga9 (unaffected), 0 (affected), 5.5.1-1.mga9 (unaffected) | — |
| Mageia | nvidia-current | 0 (affected), 550.100-1.mga9.nonfree (unaffected) | — |
References
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.