CVE-2024-29039

CRITICAL Year: 2024
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-807
View all →

Vulnerability Description

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.

Related Vulnerabilities

CVE-2021-31999

HIGH
CVSS:8.8(High)

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group...

CWE-8072021

CVE-2021-36777

HIGH
CVSS:8.8(High)

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the c...

CWE-8072021

CVE-2024-55354

HIGH
CVSS:8.8(High)

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expecte...

CWE-8072024

CVE-2025-1126

CRITICAL
CVSS:9.3(Critical)

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

CWE-8072025

CVE-2023-0009

HIGH
CVSS:7.8(High)

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

CWE-8072023

CVE-2024-51561

CRITICAL
CVSS:7.5(High)

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting...

CWE-8072024