VDB

GCVE-110-MAGEIA-2024-171

GCVE-110-MAGEIA-2024-171
Advisory Published
Vulnetix · Advisory published May 9, 2024
A flaw was found in the tpm2-tss package, where there was no check that the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Affected Products

VendorProductVersionsPlatforms
Mageiapipewire0.3.85-5.mga9 (unaffected), 0 (affected)
Mageiawireplumber0 (affected), 0.4.17-1.mga9 (unaffected)
Mageialibcamera0.2.0-1.mga9 (unaffected), 0 (affected)
Mageiawebrtc-audio-processing10 (affected), 1.3-1.mga9 (unaffected)
Mageiatpm2-tss0 (affected), 4.0.2-1.mga9 (unaffected), 0 (affected), 4.0.2-1.mga9 (unaffected)

References

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›