CVE & CISA-KEV Catalog

CVE-2024-29040

MEDIUM
4.3
CVSS v3
NVD

Description

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.

How to fix

Remediation Available
tpm2-tssDebian
Fixed in:4.1.0-1CVE-2024-29040
Fixed in:4.1.0-1CVE-2024-29040
libtss2-esys-3.0.2-0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-esys-3.0.2-0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-esys0Ubuntu
Fixed in:2.3.2-1ubuntu0.20.04.2USN-6796-1
libtss2-fapi1Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-fapi1t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-mu-4.0.1-0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-mu0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-policy0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-policy0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-rc0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-rc0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-sys1Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-sys1t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-cmd0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-cmd0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-device0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-device0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-libtpms0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-libtpms0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-mssim0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-mssim0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-pcap0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-pcap0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-spi-helper0Ubuntu
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-spi-helper0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tcti-swtpm0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tcti-swtpm0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
libtss2-tctildr0Ubuntu
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
libtss2-tctildr0t64Ubuntu
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1
tpm2-tssUbuntu
Fixed in:2.3.2-1ubuntu0.20.04.2USN-6796-1
Fixed in:3.2.0-1ubuntu1.1USN-6796-1
Fixed in:4.0.1-3ubuntu1.1USN-6796-1
Fixed in:4.0.1-7.1ubuntu5.1USN-6796-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploit Intelligence

0.35%probability of exploitation in 30 days
27thpercentile

Low risk: more likely to be exploited than 27% of all known CVEs.

References

Related Vulnerabilities

Other CWE-502 (Deserialization of Untrusted Data) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-0669High7.2100%KEV + RansomFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-35464Critical9.8100%KEV + RansomFix
CVE-2023-29300Critical9.8100%KEV + Ransom-
CVE-2025-53770Critical9.8100%KEV + RansomFix
CVE-2022-47986Critical9.8100%KEV + Ransom-
Embed a live status badge for CVE-2024-29040
CVE-2024-29040 severity badge

Markdown

[![CVE-2024-29040](https://tridentstack.com/cve/badge/CVE-2024-29040.svg)](https://tridentstack.com/cve/CVE-2024-29040)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-29040"><img src="https://tridentstack.com/cve/badge/CVE-2024-29040.svg" alt="CVE-2024-29040"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-04.