Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-43634
HistorySep 21, 2023 - 2:15 p.m.

CVE-2023-43634

2023-09-2114:15:11
CWE-922
CWE-522
[email protected]
web.nvd.nist.gov
17
cve-2023-43634
vault key
secure boot
pcrs
config partition
boot measurement
device security

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs
are used.

In a previous project, CYMOTIVE found that the configuration is not protected by the secure
boot, and in response Zededa implemented measurements on the config partition that was
mapped to PCR 13.

In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.

In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition
measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of
PCRs that seal/unseal the key.

This change makes the measurement of PCR 14 effectively redundant as it would not affect
the sealing/unsealing of the key.

An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”

Affected configurations

NVD
Node
lfedgeeveRange<8.6.0
OR
lfedgeeveRange9.0.09.5.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "EVE OS",
    "product": "EVE OS",
    "programFiles": [
      "https://github.com/lf-edge/eve/tree/master/pkg/pillar/evetpm/tpm.go",
      "https://github.com/lf-edge/eve/tree/master/pkg/grub/rootfs.go",
      "https://github.com/lf-edge/eve/tree/master/pkg/measure-config/src/measurefs.go"
    ],
    "repo": "https://github.com/lf-edge/eve",
    "vendor": " LF-Edge, Zededa",
    "versions": [
      {
        "lessThan": "8.6.0",
        "status": "affected",
        "version": "0",
        "versionType": "release"
      },
      {
        "lessThan": "9.5.0",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "release"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2023-43634
2023-09-21 14:15:11
prion
prion
Design/Logic Flaw
2023-09-21 14:15:00
cvelist
cvelist
CVE-2023-43634 Config Partition Not Protected by Measured Boot
2023-09-21 13:05:14

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2023-43634
nvd1prion1cvelist1