Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveASRGCVE-2023-43630
HistorySep 20, 2023 - 3:15 p.m.

CVE-2023-43630

2023-09-2015:15:11
CWE-522
CWE-328
CWE-922
ASRG
web.nvd.nist.gov
19
cve-2023-43630
pcr14
vault key
sha1
sha256
measured boot
nvd
security
encryption
config partition

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the
problem of the config partition not being measured correctly.

Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of
SHA256.
This issue was somewhat mitigated due to all of the PCR extend functions
updating both the values of SHA256 and SHA1 for a given PCR ID.

However, due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as
the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which
means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”
key, changes to the config partition would still not be measured.

An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”

Affected configurations

Nvd
Node
linuxfoundationedge_virtualization_engineRange9.0.09.5.0
VendorProductVersionCPE
linuxfoundationedge_virtualization_engine*cpe:2.3:o:linuxfoundation:edge_virtualization_engine:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "EVE OS",
    "product": "EVE OS",
    "programFiles": [
      "https://github.com/lf-edge/eve/blob/master/pkg/measure-config/src/measurefs.go",
      "https://github.com/lf-edge/eve/blob/master/pkg/pillar/evetpm/tpm.go"
    ],
    "repo": "https://github.com/lf-edge/eve",
    "vendor": " LF-Edge, Zededa",
    "versions": [
      {
        "lessThan": "9.5.0",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "release"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
vulnrichment 1
cvelist
cvelist
CVE-2023-43630 Config Partition Not Measured From 2 Fronts
2023-09-20 14:37:44
prion
prion
Design/Logic Flaw
2023-09-20 15:15:00
nvd
nvd
CVE-2023-43630
2023-09-20 15:15:11
vulnrichment
vulnrichment
CVE-2023-43630 Config Partition Not Measured From 2 Fronts
2023-09-20 14:37:44

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for CVE-2023-43630
cvelist1prion1nvd1vulnrichment1