tpm2_checkquote: Add comparison of pcr selection. The pcr selection which is passed with the --pcr parameter it not compared with the attest. So it's possible to fake a valid attestation. Fixes: CVE-2024-29039 tpm2_checkquote: Fix check of magic number. It was not checked whether the magic number in the attest is equal to TPM2_GENERATED_VALUE. So an malicious attacker could generate arbitrary quote data which was not detected by tpm2 checkquote. Fixes: CVE-2024-29038
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebff9657edadc8779ed9fde8e2b2debd7bfcac53 commit ebff9657edadc8779ed9fde8e2b2debd7bfcac53 Author: Christopher Byrne <salah.coronya@gmail.com> AuthorDate: 2024-04-26 16:52:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-05-05 11:36:21 +0000 app-crypt/tpm2-tools: add 5.6.1 Bug: https://bugs.gentoo.org/931056 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> app-crypt/tpm2-tools/Manifest | 1 + app-crypt/tpm2-tools/tpm2-tools-5.6.1.ebuild | 87 ++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+)
Looks like we're clean after: commit f242b23d0183d88c96c0546f8628312ce4335e6e Author: Christopher Byrne <salah.coronya@gmail.com> Date: Tue Oct 1 18:07:38 2024 -0500 app-crypt/tpm2-tools: drop 5.5 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> app-crypt/tpm2-tools/Manifest | 1 - app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild | 66 ------------------------------------------------------------------ 2 files changed, 67 deletions(-)
