VDB

GCVE-110-MAGEIA-2024-170

GCVE-110-MAGEIA-2024-170
Advisory Published
Vulnetix · Advisory published May 9, 2024
A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection which is passed with the --pcr parameter is not compared with the attest. So it is possible to fake a valid attestation (CVE-2024-29039). A vulnerability classified as problematic was found in tpm2-tools. This vulnerability affects an unknown code of the file tools/misc/tpm2_checkquote.c of the component pcr Selection Value Handler. The manipulation with an unknown input leads to a comparison vulnerability. The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Affected Products

VendorProductVersionsPlatforms
Mageiatpm2-tools0 (affected), 5.5.1-1.mga9 (unaffected), 0 (affected), 5.5.1-1.mga9 (unaffected)
Mageianvidia-current0 (affected), 550.100-1.mga9.nonfree (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›