CVE-2024-29038

{"id": "CVE-2024-29038", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-06-28T14:15:03.033", "references": [{"url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFR7SVEWCOXORHPCLLGXEMHFMIGG2MFE/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI4JFEZBKQQUPJ4RWK6IHEWXAFCEJDPI/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1283"}, {"lang": "en", "value": "CWE-1390"}]}], "descriptions": [{"lang": "en", "value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."}, {"lang": "es", "value": "tpm2-tools es el repositorio de origen de las herramientas del M\u00f3dulo de plataforma segura (TPM2.0). Un atacante malintencionado puede generar datos de cotizaciones arbitrarios que no son detectados por \"tpm2 checkquote\". Este problema se solucion\u00f3 en la versi\u00f3n 5.7."}], "lastModified": "2025-11-04T18:16:17.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0071BA44-2C6B-4556-8C61-C890D3298FEF", "versionEndExcluding": "5.5.1", "versionStartIncluding": "4.1"}, {"criteria": "cpe:2.3:a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C859A9A-D6EF-4BA1-B42E-8A2E2EB98181", "versionEndExcluding": "5.7", "versionStartExcluding": "5.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}