### [CVE-2024-29038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29038)
![](https://img.shields.io/static/v1?label=Product&message=tpm2-tools&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%204.1-rc0%2C%20%3C%205.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1283%3A%20Mutable%20Attestation%20or%20Measurement%20Reporting%20Data&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1390%3A%20Weak%20Authentication&color=brighgreen)

### Description

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.

### POC

#### Reference
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f

#### Github
No PoCs found on GitHub currently.