CVE-2024-29040— tpm2-tss 安全漏洞

Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

可信数据的反序列化

tpm2-tss 安全漏洞

tpm2-tss是tpm2开源的一个 TCG TPM2 软件堆栈（TSS2）的 OSS 实现。 tpm2-tss 4.0.1及之前版本存在安全漏洞，该漏洞源于JSON结构可以使用任意数字，导致攻击者可因此获得不应有的数据访问权限或服务权限。

N/A

N/A