HIGH🇵🇱 Wersja polska

CVE-2023-43630

CVSS 8.8v3.1pub. 2023-09-20upd. 2024-11-21

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Linuxfoundation Edge Virtualization Engine

    OS
    Linuxfoundation
    9.0.0 – 9.5.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-43632CRITICAL9.0ten sam produkt

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exp...

CVE-2023-43631HIGH8.8ten sam produkt

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the ...

CVE-2023-43635HIGH8.8ten sam produkt

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking...

CVE-2023-43636HIGH8.8ten sam produkt

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data lo...

CVE-2026-53488CRITICAL9.4ten sam vendor

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...