Bug 931055 (CVE-2024-29040) - <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
Summary: <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
Alias: CVE-2024-29040
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
Whiteboard: B4 [glsa? cleanup]
Keywords: PullRequest
Depends on: 931240 931271
Reported: 2024-05-01 16:04 UTC by Christopher Byrne
Modified: 2024-05-11 02:39 UTC

Description Christopher Byrne 2024-05-01 16:04:59 UTC
FAPI: Fix check of magic number in verify quote.

After deserializing the quote info it was not checked whether
the magic number in the attest is equal to TPM2_GENERATED_VALUE.
So a malicious attacker could generate arbitrary quote data
which was not detected by Fapi_VerifyQuote.
Now the magic number is checked in verify quote and also
in the deserialization of TPM2_GENERATED.
The check is also added to the Unmarshal function for TPMS_ATTEST.

Fixes: CVE-2024-29040
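
The check described above, as an added example that is not part of the original report and is not tpm2-tss code: a bounds-checked parse of the head of a marshaled TPMS_ATTEST that rejects any blob whose magic is not TPM2_GENERATED_VALUE. The function and enum names are hypothetical and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define TPM2_GENERATED_VALUE 0xff544347u /* "\xffTCG": marks data produced inside a TPM */
#define TPM2_ST_ATTEST_QUOTE 0x8018u     /* TPMS_ATTEST.type for a quote */

enum attest_rc { ATTEST_OK, ATTEST_TRUNCATED, ATTEST_BAD_MAGIC, ATTEST_NOT_QUOTE };

/* Read n (<= 4) big-endian bytes with a bounds check; *off <= len always holds. */
static int rd_be(const uint8_t *b, size_t len, size_t *off, unsigned n, uint32_t *out)
{
    if (len - *off < n) return -1;
    *out = 0;
    while (n--) *out = (*out << 8) | b[(*off)++];
    return 0;
}

/* Skip a TPM2B field: UINT16 size followed by that many bytes. */
static int skip_tpm2b(const uint8_t *b, size_t len, size_t *off)
{
    uint32_t n;
    if (rd_be(b, len, off, 2, &n) || len - *off < n) return -1;
    *off += n;
    return 0;
}

/* Validate the fixed head of a marshaled TPMS_ATTEST; on success *clock_off
 * is the offset of clockInfo (after qualifiedSigner and extraData). */
enum attest_rc check_quote_head(const uint8_t *b, size_t len, size_t *clock_off)
{
    size_t off = 0;
    uint32_t magic, type;
    if (rd_be(b, len, &off, 4, &magic)) return ATTEST_TRUNCATED;
    if (magic != TPM2_GENERATED_VALUE) return ATTEST_BAD_MAGIC; /* the missing check */
    if (rd_be(b, len, &off, 2, &type)) return ATTEST_TRUNCATED;
    if (type != TPM2_ST_ATTEST_QUOTE) return ATTEST_NOT_QUOTE;
    if (skip_tpm2b(b, len, &off) || skip_tpm2b(b, len, &off)) return ATTEST_TRUNCATED;
    *clock_off = off;
    return ATTEST_OK;
}

/* Constructed sample buffers (not captured from a TPM). */
static const uint8_t good[]   = { 0xff,'T','C','G', 0x80,0x18, 0,2,0xaa,0xbb, 0,1,0xcc };
static const uint8_t forged[] = { 0xde,0xad,0xbe,0xef, 0x80,0x18, 0,0, 0,0 };
static const uint8_t cut[]    = { 0xff,'T','C','G', 0x80,0x18, 0,9,0xaa };

int main(void)
{
    size_t off = 0;
    return !(check_quote_head(good, sizeof good, &off) == ATTEST_OK && off == 13
          && check_quote_head(forged, sizeof forged, &off) == ATTEST_BAD_MAGIC
          && check_quote_head(cut, sizeof cut, &off) == ATTEST_TRUNCATED);
}
```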
Comment 1 Larry the Git Cow gentoo-dev 2024-05-05 11:36:46 UTC
The bug has been referenced in the following commit(s):

commit 798f98a615dff20f47a97bfa01309b4029aa8c5a
Author:     Christopher Byrne <>
AuthorDate: 2024-04-26 16:14:10 +0000
Commit:     Sam James <>
CommitDate: 2024-05-05 11:36:02 +0000

    app-crypt/tpm2-tss: add 4.0.2
    Signed-off-by: Christopher Byrne <>
    Signed-off-by: Sam James <>

 app-crypt/tpm2-tss/Manifest                        |   1 +
 ...pm2-tss-4.0.2-Dont-install-files-into-run.patch |  26 +++++
 app-crypt/tpm2-tss/tpm2-tss-4.0.2.ebuild           | 109 +++++++++++++++++++++
 3 files changed, 136 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-05-05 15:43:54 UTC
The bug has been referenced in the following commit(s):

commit ac62eaa20b04cfb1d457c1872ec72871ceaa6509
Author:     Sam James <>
AuthorDate: 2024-05-05 15:43:20 +0000
Commit:     Sam James <>
CommitDate: 2024-05-05 15:43:31 +0000

    profiles: mask broken =app-crypt/tpm2-tss-4.1.0
    Signed-off-by: Sam James <>

 profiles/package.mask | 4 ++++
 1 file changed, 4 insertions(+)
Comment 3 Hans de Graaff gentoo-dev Security 2024-05-08 05:26:33 UTC
Resetting whiteboard status to "stable?" since there is no stable bug yet for 4.1.1 which is needed to resolve this issue (assuming the version number in the Summary is correct).
Comment 4 Christopher Byrne 2024-05-10 15:48:43 UTC
The version number is NOT correct. It should be <app-crypt/tpm2-tss-4.0.1 .
Comment 5 Christopher Byrne 2024-05-10 15:49:08 UTC
Sorry, 4.0.2, not 4.0.1