VDB
GCVE-110-MAGEIA-2024-171
GCVE-110-MAGEIA-2024-171
Advisory Published
A flaw was found in the tpm2-tss package, where there was no check that
the magic number in the attest is equal to the
TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary
quote data, which may not be detected by Fapi_VerifyQuote.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | pipewire | 0.3.85-5.mga9 (unaffected), 0 (affected) | — |
| Mageia | wireplumber | 0 (affected), 0.4.17-1.mga9 (unaffected) | — |
| Mageia | libcamera | 0.2.0-1.mga9 (unaffected), 0 (affected) | — |
| Mageia | webrtc-audio-processing1 | 0 (affected), 1.3-1.mga9 (unaffected) | — |
| Mageia | tpm2-tss | 0 (affected), 4.0.2-1.mga9 (unaffected), 0 (affected), 4.0.2-1.mga9 (unaffected) | — |
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.