Browse all 4 CVE security advisories affecting tpm2-software. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The TPM2 software stack provides core functionality for Trusted Platform Module 2.0 implementations, enabling hardware-rooted security features like secure boot and attestation. Historically, vulnerabilities have included buffer overflows leading to remote code execution, integer overflows causing denial of service, and privilege escalation flaws through improper access controls. While no major public incidents have been widely reported, the four recorded CVEs highlight potential risks in memory handling and input validation. The project maintains active security practices with regular updates, though its complex nature requires careful implementation to mitigate potential attack surfaces in cryptographic and system integrity functions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29040 | Fapi Verify Quote: Does not detect if quote was not generated by TPM — tpm2-tssCWE-502 | 4.3 | Medium | 2024-06-28 |
| CVE-2023-22745 | Buffer Overlow in TSS2_RC_Decode in tpm2-tss — tpm2-tssCWE-120 | 6.4 | Medium | 2023-01-19 |
This page lists every published CVE security advisory associated with tpm2-software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.