Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 931055 (CVE-2024-29040) - <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
Summary: <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
Status: IN_PROGRESS
Alias: CVE-2024-29040
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa? cleanup]
Keywords: PullRequest
Depends on: 931240 931271
Blocks:
  Show dependency tree
 
Reported: 2024-05-01 16:04 UTC by Christopher Byrne
Modified: 2024-05-11 02:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Byrne 2024-05-01 16:04:59 UTC
FAPI: Fix check of magic number in verify quote.

After deserializing the quote info it was not checked whether
the magic number in the attest is equal TPM2_GENERATED_VALUE.
So an malicious attacker could generate arbitrary quote data
which was not detected by Fapi_VerifyQuote.
Now the number magic number is checket in verify quote and also
in the deserialization of TPM2_GENERATED.
The check is also added to the Unmarshal function for TPMS_ATTEST.

Fixes: CVE-2024-29040
Comment 1 Larry the Git Cow gentoo-dev 2024-05-05 11:36:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=798f98a615dff20f47a97bfa01309b4029aa8c5a

commit 798f98a615dff20f47a97bfa01309b4029aa8c5a
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2024-04-26 16:14:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-05 11:36:02 +0000

    app-crypt/tpm2-tss: add 4.0.2
    
    Bug: https://bugs.gentoo.org/931055
    
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tss/Manifest                        |   1 +
 ...pm2-tss-4.0.2-Dont-install-files-into-run.patch |  26 +++++
 app-crypt/tpm2-tss/tpm2-tss-4.0.2.ebuild           | 109 +++++++++++++++++++++
 3 files changed, 136 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-05-05 15:43:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac62eaa20b04cfb1d457c1872ec72871ceaa6509

commit ac62eaa20b04cfb1d457c1872ec72871ceaa6509
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-05-05 15:43:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-05 15:43:31 +0000

    profiles: mask broken =app-crypt/tpm2-tss-4.1.0
    
    Closes: https://bugs.gentoo.org/931240
    Bug: https://bugs.gentoo.org/931055
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 4 ++++
 1 file changed, 4 insertions(+)
Comment 3 Hans de Graaff gentoo-dev Security 2024-05-08 05:26:33 UTC
Resetting whiteboard status to "stable?" since there is no stable bug yet for 4.1.1 which is needed to resolve this issue (assuming the version number in the Summary is correct).
Comment 4 Christopher Byrne 2024-05-10 15:48:43 UTC
The version number is NOT correct. It should be <app-crypt/tpm2-tss-4.0.1 .
Comment 5 Christopher Byrne 2024-05-10 15:49:08 UTC
Sorry, 4.0.2, not 4.0.1