CVE-2023-43630 Config Partition Not Measured From 2 Fronts

🗓️ 20 Sep 2023 14:37:44Reported by ASRGType

Config partition not measured correctly with SHA256 and SHA1 PCRs leading to potential full device compromis

Reporter	Title	Published	Views	Family All 21
CNNVD	EVE OS Security Vulnerability	20 Sep 202300:00	–	cnnvd
CVE	CVE-2023-43630	20 Sep 202314:37	–	cve
EUVD	EUVD-2023-48030	4 Feb 202620:43	–	euvd
Github Security Blog	Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts	20 Sep 202315:30	–	github
Github Security Blog	EVE Doesn't Measure Config Partition From 2 Fronts	4 Feb 202620:43	–	github
NVD	CVE-2023-43630	20 Sep 202315:15	–	nvd
OSV	CVE-2023-43630	20 Sep 202315:15	–	osv
OSV	GHSA-5JVG-8J6F-VPMC Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts	20 Sep 202315:30	–	osv
OSV	GHSA-PHCG-H58R-GMCQ EVE Doesn't Measure Config Partition From 2 Fronts	4 Feb 202620:43	–	osv
OSV	GO-2026-4430 EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve	5 Feb 202603:20	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "EVE OS",
    "product": "EVE OS",
    "programFiles": [
      "https://github.com/lf-edge/eve/blob/master/pkg/measure-config/src/measurefs.go",
      "https://github.com/lf-edge/eve/blob/master/pkg/pillar/evetpm/tpm.go"
    ],
    "repo": "https://github.com/lf-edge/eve",
    "vendor": " LF-Edge, Zededa",
    "versions": [
      {
        "lessThan": "9.5.0",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "release"
      }
    ]
  }
]

Source	Link
asrg	www.asrg.io/security-advisories/cve-2023-43630/

28 Sep 2023 05:39Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.00107

config partition measured boot sha256 sha1 full device compromise