
Bug 931056 (CVE-2024-29038, CVE-2024-29039)

Summary: <app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and uncheck magic number in verify quote
Product: Gentoo Security
Reporter: Christopher Byrne <salah.coronya>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: ajak
Priority: Normal
Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/36507
Whiteboard: B4 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 931272    
Bug Blocks:    

Description Christopher Byrne 2024-05-01 16:08:38 UTC
tpm2_checkquote: Add comparison of pcr selection.

The pcr selection which is passed with the --pcr parameter is not
compared with the attest. So it's possible to fake a valid
attestation.

Fixes: CVE-2024-29039

tpm2_checkquote: Fix check of magic number.

It was not checked whether the magic number in the
attest is equal to TPM2_GENERATED_VALUE.
So a malicious attacker could generate arbitrary quote data
which was not detected by tpm2 checkquote.

Fixes: CVE-2024-29038
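
Added example (not part of the bug report and not tpm2-tools code): a minimal verifier-side sketch of the two checks described above, run over a marshalled TPMS_ATTEST before any signature or digest verification. The names check_quote_attest, check_with_byte, rd_t, SAMPLE and WANT are hypothetical, the sample bytes are constructed, and the byte-wise selection comparison assumes the verifier marshals its expected selection in the same form as the TPM.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TPM2_GENERATED_VALUE 0xff544347u /* "\xffTCG": marks TPM-generated data */
#define TPM2_ST_ATTEST_QUOTE 0x8018u
/* Bounds-checked big-endian reader over a marshalled TPMS_ATTEST. */
typedef struct { const uint8_t *p; size_t left; int bad; } rd_t;
static uint32_t get(rd_t *r, size_t n) { /* n <= 4 */
    uint32_t v = 0;
    if (r->bad || r->left < n) { r->bad = 1; return 0; }
    while (n--) { v = (v << 8) | *r->p++; r->left--; }
    return v;
}
static void skip(rd_t *r, size_t n) {
    if (r->bad || r->left < n) { r->bad = 1; return; }
    r->p += n; r->left -= n;
}

/* 0 = both checks pass; <0 = reject. want is the marshalled TPML_PCR_SELECTION
 * the verifier expects. Signature and PCR digest checks are separate steps. */
int check_quote_attest(const uint8_t *a, size_t len, const uint8_t *want, size_t want_len) {
    rd_t r = { a, len, 0 };
    if (get(&r, 4) != TPM2_GENERATED_VALUE) return -1; /* magic number */
    if (get(&r, 2) != TPM2_ST_ATTEST_QUOTE) return -2; /* must be a quote */
    skip(&r, get(&r, 2)); /* qualifiedSigner (TPM2B_NAME) */
    skip(&r, get(&r, 2)); /* extraData (TPM2B_DATA) */
    skip(&r, 17 + 8);     /* clockInfo + firmwareVersion */
    const uint8_t *sel = r.p; /* start of TPML_PCR_SELECTION */
    for (uint32_t n = get(&r, 4); n && !r.bad; n--) {
        skip(&r, 2);          /* hash algorithm */
        skip(&r, get(&r, 1)); /* sizeofSelect, then the PCR bitmap */
    }
    if (r.bad) return -3; /* truncated or malformed */
    if ((size_t)(r.p - sel) != want_len || memcmp(sel, want, want_len) != 0) return -4;
    return 0;
}

/* Constructed sample: SHA-256 bank (0x000b), PCR 0 selected, zeroed digest. */
static const uint8_t WANT[] = { 0,0,0,1, 0,0x0b, 3, 1,0,0 };
static const uint8_t SAMPLE[85] = { 0xff,0x54,0x43,0x47, 0x80,0x18, 0,2,0xaa,0xbb,
    0,4,0xde,0xad,0xbe,0xef, [41] = 0,0,0,1, 0,0x0b, 3, 1,0,0, 0,0x20 };
/* Overwrite one byte of the sample and re-run the check. */
int check_with_byte(size_t off, uint8_t val) {
    uint8_t buf[sizeof SAMPLE];
    memcpy(buf, SAMPLE, sizeof buf);
    buf[off] = val;
    return check_quote_attest(buf, sizeof buf, WANT, sizeof WANT);
}
```

A return of -1 corresponds to the missing magic-number check (CVE-2024-29038) and -4 to the missing PCR selection comparison (CVE-2024-29039).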
Comment 1 Larry the Git Cow gentoo-dev 2024-05-05 11:36:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebff9657edadc8779ed9fde8e2b2debd7bfcac53

commit ebff9657edadc8779ed9fde8e2b2debd7bfcac53
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2024-04-26 16:52:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-05 11:36:21 +0000

    app-crypt/tpm2-tools: add 5.6.1
    
    Bug: https://bugs.gentoo.org/931056
    
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest                |  1 +
 app-crypt/tpm2-tools/tpm2-tools-5.6.1.ebuild | 87 ++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-12-02 02:32:25 UTC
Looks like we're clean after:

commit f242b23d0183d88c96c0546f8628312ce4335e6e
Author: Christopher Byrne <salah.coronya@gmail.com>
Date:   Tue Oct 1 18:07:38 2024 -0500

    app-crypt/tpm2-tools: drop 5.5

    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest              |  1 -
 app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild | 66 ------------------------------------------------------------------
 2 files changed, 67 deletions(-)