Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
Vulnerability Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
tpm2-tools 安全漏洞
Vulnerability Description
tpm2-tools是一个源代码库。 tpm2-tools 5.6及之前版本存在安全漏洞,该漏洞源于攻击者通过更改TPML_PCR_SELECTION来操纵tpm2_checkquote输出,从而提供误导性的TPM状态图。
CVSS Information
N/A
Vulnerability Type
N/A