FAPI: Fix check of magic number in verify quote. After deserializing the quote info it was not checked whether the magic number in the attest is equal to TPM2_GENERATED_VALUE. So a malicious attacker could generate arbitrary quote data which was not detected by Fapi_VerifyQuote. Now the magic number is checked in verify quote and also in the deserialization of TPM2_GENERATED. The check is also added to the Unmarshal function for TPMS_ATTEST. Fixes: CVE-2024-29040
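The defect described above is a missing header check on the marshalled TPMS_ATTEST before its contents are trusted. The following is an added, stand-alone illustration of that check, not code from tpm2-tss: it parses only the fixed header of a marshalled TPMS_ATTEST (the 4-byte magic and the 2-byte attestation type) and rejects buffers whose magic is not TPM2_GENERATED_VALUE. The two constants are taken from the TPM 2.0 Library specification, Part 2 (TPM_GENERATED_VALUE = 0xFF544347, TPM_ST_ATTEST_QUOTE = 0x8018); the function name check_attest_header, the attest_rc codes and the sample buffers are all constructed for this example. The type check goes slightly beyond the page's fix, which concerns the magic only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TPM 2.0 Part 2: TPM_GENERATED_VALUE = 0xFF544347 ("\xffTCG"). A TPMS_ATTEST
 * produced by a TPM always starts with this value; anything else was not
 * generated by the TPM and must not be accepted as a quote. */
#define TPM2_GENERATED_VALUE 0xFF544347u
/* TPM 2.0 Part 2: TPM_ST_ATTEST_QUOTE, the TPMI_ST_ATTEST value for a quote. */
#define TPM2_ST_ATTEST_QUOTE 0x8018u

/* Hypothetical result codes for this example. */
typedef enum {
    ATTEST_OK = 0,
    ATTEST_SHORT = 1,      /* buffer too small to hold magic + type      */
    ATTEST_BAD_MAGIC = 2,  /* magic != TPM2_GENERATED_VALUE (CVE case)  */
    ATTEST_BAD_TYPE = 3    /* magic fine, but not a quote attestation   */
} attest_rc;

/* TPM marshalled structures are big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | (uint16_t)p[1]);
}

/* Validate the fixed header of a marshalled TPMS_ATTEST before any further
 * field is unmarshalled or compared. Returns ATTEST_OK only when the magic is
 * TPM2_GENERATED_VALUE and the type is TPM_ST_ATTEST_QUOTE. */
attest_rc check_attest_header(const uint8_t *buf, size_t len, uint16_t *type_out)
{
    if (buf == NULL || len < 6) {
        return ATTEST_SHORT;
    }
    if (be32(buf) != TPM2_GENERATED_VALUE) {
        return ATTEST_BAD_MAGIC;
    }
    uint16_t type = be16(buf + 4);
    if (type_out != NULL) {
        *type_out = type;
    }
    if (type != TPM2_ST_ATTEST_QUOTE) {
        return ATTEST_BAD_TYPE;
    }
    return ATTEST_OK;
}

/* Constructed sample headers (only the first six bytes of a TPMS_ATTEST). */
const uint8_t SAMPLE_GOOD[]      = { 0xFF, 'T', 'C', 'G', 0x80, 0x18 };
const uint8_t SAMPLE_BAD_MAGIC[] = { 0x00, 'T', 'C', 'G', 0x80, 0x18 };
const uint8_t SAMPLE_BAD_TYPE[]  = { 0xFF, 'T', 'C', 'G', 0x80, 0x14 };

int main(void)
{
    const struct { const char *name; const uint8_t *buf; size_t len; } cases[] = {
        { "good quote header", SAMPLE_GOOD, sizeof SAMPLE_GOOD },
        { "forged magic",      SAMPLE_BAD_MAGIC, sizeof SAMPLE_BAD_MAGIC },
        { "wrong attest type", SAMPLE_BAD_TYPE, sizeof SAMPLE_BAD_TYPE },
        { "truncated buffer",  SAMPLE_GOOD, 3 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint16_t type = 0;
        attest_rc rc = check_attest_header(cases[i].buf, cases[i].len, &type);
        printf("%-18s -> rc=%d type=0x%04x\n", cases[i].name, (int)rc, type);
    }
    return 0;
}
```

In a verifier such as Fapi_VerifyQuote this check belongs before the signature and PCR comparison: a signature check alone proves only that some key signed the bytes, while the magic ties the structure to TPM-generated data.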
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=798f98a615dff20f47a97bfa01309b4029aa8c5a

commit 798f98a615dff20f47a97bfa01309b4029aa8c5a
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2024-04-26 16:14:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-05 11:36:02 +0000

    app-crypt/tpm2-tss: add 4.0.2

    Bug: https://bugs.gentoo.org/931055
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tss/Manifest                        |   1 +
 ...pm2-tss-4.0.2-Dont-install-files-into-run.patch |  26 +++++
 app-crypt/tpm2-tss/tpm2-tss-4.0.2.ebuild           | 109 +++++++++++++++++++++
 3 files changed, 136 insertions(+)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac62eaa20b04cfb1d457c1872ec72871ceaa6509

commit ac62eaa20b04cfb1d457c1872ec72871ceaa6509
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-05-05 15:43:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-05 15:43:31 +0000

    profiles: mask broken =app-crypt/tpm2-tss-4.1.0

    Closes: https://bugs.gentoo.org/931240
    Bug: https://bugs.gentoo.org/931055
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 4 ++++
 1 file changed, 4 insertions(+)
Resetting whiteboard status to "stable?" since there is no stable bug yet for 4.1.1 which is needed to resolve this issue (assuming the version number in the Summary is correct).
The version number is NOT correct. It should be <app-crypt/tpm2-tss-4.0.1.
Sorry, 4.0.2, not 4.0.1