HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume

2019-03-14T00:00:00

Description

## Potential Security Impact Information Disclosure, Denial of Service, Escalation of Privilege **Source**: HP, HP Product Security Response Team (PSRT) **Reported by**: Seunghun Han, National Security Research Institute ## VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the Trusted Platform Module (TPM) that allow an unauthorized third party to modify the TPM configuration following an S3 Resume, allowing unauthorized access to the system and its data. ## RESOLUTION HP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below. > note: > > This bulletin will be updated. Check back frequently for updates. HP recommends keeping your system up to date with the latest firmware and software. **Pending**: Softpaq is in progress. **Under investigation**: System under investigation for impact, or Softpaq under investigation for feasibility/availability. **Not available**: Softpaq not available due to technical or logistical constraints.

{"id": "HP:C06265284", "vendorId": null, "type": "hp", "bulletinFamily": "software", "title": "HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume", "description": "## Potential Security Impact\nInformation Disclosure, Denial of Service, Escalation of Privilege \n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported by**: Seunghun Han, National Security Research Institute \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the Trusted Platform Module (TPM) that allow an unauthorized third party to modify the TPM configuration following an S3 Resume, allowing unauthorized access to the system and its data.\n\n## RESOLUTION\nHP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below. \n\n> note:\n> \n> This bulletin will be updated. Check back frequently for updates. HP recommends keeping your system up to date with the latest firmware and software.\n\n**Pending**: Softpaq is in progress. \n\n**Under investigation**: System under investigation for impact, or Softpaq under investigation for feasibility/availability. \n\n**Not available**: Softpaq not available due to technical or logistical constraints. \n", "published": "2019-03-14T00:00:00", "modified": "2019-09-23T00:00:00", "cvss": {"score": "7.8", "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/"}, "cvss2": {}, "cvss3": {}, "href": "https://support.hp.com/us-en/document/c06265284", "reporter": "HP Product Security Response Team", "references": [], "cvelist": ["CVE-2017-16837", "CVE-2018-6622"], "immutableFields": [], "lastseen": "2022-03-23T06:30:01", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-16837", "CVE-2018-6622"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-16837"]}, {"type": "lenovo", "idList": ["LENOVO:PS500178-NOSID", "LENOVO:PS500178-TPM-20-SLEEP-WAKE-ERROR-IN-BIOS-FIRMWARE-NOSID"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1236.NASL", "EULEROS_SA-2021-1452.NASL", "EULEROS_SA-2021-1521.NASL", "EULEROS_SA-2021-1855.NASL", "OPENSUSE-2017-1308.NASL", "SUSE_SU-2017-3090-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851652"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-16837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3100-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-16837"]}], "rev": 4}, "score": {"value": 1.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-16837"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-16837"]}, {"type": "lenovo", "idList": ["LENOVO:PS500178-NOSID"]}, {"type": "nessus", "idList": ["OPENSUSE-2017-1308.NASL", "SUSE_SU-2017-3090-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851652"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-16837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3100-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-16837"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-16837", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2018-6622", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}], "vulnersScore": 1.2}, "_state": {"dependencies": 1659879600, "score": 1659823045, "epss": 1679323282}, "_internal": {"score_hash": "994d27660f4d8d7cc9ed4961d515d163"}, "affectedPackage": []}

{"redhatcve": [{"lastseen": "2022-06-08T05:21:11", "description": "Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-20T11:50:32", "type": "redhatcve", "title": "CVE-2017-16837", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2022-06-08T03:57:18", "id": "RH:CVE-2017-16837", "href": "https://access.redhat.com/security/cve/cve-2017-16837", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:47:03", "description": "According to the version of the tboot package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : tboot (EulerOS-SA-2021-1855)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tboot", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1855.NASL", "href": "https://www.tenable.com/plugins/nessus/149189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149189);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2017-16837\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : tboot (EulerOS-SA-2021-1855)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tboot package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Certain function pointers in Trusted Boot (tboot)\n through 1.9.6 are not validated and can cause arbitrary\n code execution, which allows local users to overwrite\n dynamic PCRs of Trusted Platform Module (TPM) by\n hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1855\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5629c211\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tboot package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tboot-1.9.5-1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tboot\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:09", "description": "According to the version of the tboot package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : tboot (EulerOS-SA-2021-1452)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tboot", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1452.NASL", "href": "https://www.tenable.com/plugins/nessus/147611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147611);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2017-16837\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : tboot (EulerOS-SA-2021-1452)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tboot package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot)\n through 1.9.6 are not validated and can cause arbitrary\n code execution, which allows local users to overwrite\n dynamic PCRs of Trusted Platform Module (TPM) by\n hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1452\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3de0486\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tboot package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tboot-1.9.6-2.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tboot\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:19", "description": "According to the version of the tboot package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : tboot (EulerOS-SA-2021-1236)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tboot", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/146150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146150);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2017-16837\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : tboot (EulerOS-SA-2021-1236)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tboot package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Certain function pointers in Trusted Boot (tboot)\n through 1.9.6 are not validated and can cause arbitrary\n code execution, which allows local users to overwrite\n dynamic PCRs of Trusted Platform Module (TPM) by\n hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1236\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f523bb3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tboot package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tboot-1.9.6-2.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tboot\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:41", "description": "According to the version of the tboot package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : tboot (EulerOS-SA-2021-1521)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tboot", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1521.NASL", "href": "https://www.tenable.com/plugins/nessus/147122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147122);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2017-16837\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : tboot (EulerOS-SA-2021-1521)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tboot package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Certain function pointers in Trusted Boot (tboot)\n through 1.9.6 are not validated and can cause arbitrary\n code execution, which allows local users to overwrite\n dynamic PCRs of Trusted Platform Module (TPM) by\n hooking these function pointers.(CVE-2017-16837)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1521\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a643a5d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tboot package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tboot-1.9.6-2.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tboot\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:44", "description": "This update for tboot fixes the following issues: Security issue fixed :\n\n - CVE-2017-16837: Certain function pointers in Trusted Boot (tboot) through 1.9.6 are notvalidated and can cause arbitrary code execution, which allows local users tooverwrite dynamic PCRs of Trusted Platform Module (TPM) by h (bsc#1068390) Bug fixes :\n\n - Fixed failed trusted boot on some systems like Intel Xeon 'Purley 8s' processors. The following error message showed: 'TBOOT: wait-for-sipi loop timed-out'. Booting continued but 'TXT measured launch' was wrongly reported as FALSE. (bsc#1057555)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : Recommended update for tboot (SUSE-SU-2017:3090-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tboot", "p-cpe:/a:novell:suse_linux:tboot-debuginfo", "p-cpe:/a:novell:suse_linux:tboot-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3090-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3090-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104782);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16837\");\n\n script_name(english:\"SUSE SLES12 Security Update : Recommended update for tboot (SUSE-SU-2017:3090-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tboot fixes the following issues: Security issue \nfixed :\n\n - CVE-2017-16837: Certain function pointers in Trusted\n Boot (tboot) through 1.9.6 are notvalidated and can\n cause arbitrary code execution, which allows local users\n tooverwrite dynamic PCRs of Trusted Platform Module\n (TPM) by h (bsc#1068390) Bug fixes :\n\n - Fixed failed trusted boot on some systems like Intel\n Xeon 'Purley 8s' processors. The following error message\n showed: 'TBOOT: wait-for-sipi loop timed-out'. Booting\n continued but 'TXT measured launch' was wrongly reported\n as FALSE. (bsc#1057555)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16837/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173090-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83a040be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1901=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1901=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tboot-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tboot-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"tboot-20160518_1.9.4-7.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"tboot-debuginfo-20160518_1.9.4-7.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"tboot-debugsource-20160518_1.9.4-7.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"tboot-20160518_1.9.4-7.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"tboot-debuginfo-20160518_1.9.4-7.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"tboot-debugsource-20160518_1.9.4-7.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for tboot\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:30", "description": "This update for tboot fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-16837: Fix tbootfailed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390).\n\n - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229).\n\nBug fixes :\n\n - Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665;\n 1.8.3, FATE#318542) :\n\n - https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG\n\n - Fix some gcc7 warnings that lead to errors.\n (boo#1041264)\n\n - Fix wrong pvops kernel config matching (boo#981948) \n\n - Fix a excessive stack usage pattern that could lead to resets/crashes (boo#967441)\n\n - fixes a boot issue on Skylake (boo#964408)\n\n - Trim filler words from description; use modern macros over shell vars.\n\n - Add reproducible.patch to call gzip -n to make build fully reproducible.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tboot (openSUSE-2017-1308)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tboot", "p-cpe:/a:novell:opensuse:tboot-debuginfo", "p-cpe:/a:novell:opensuse:tboot-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1308.NASL", "href": "https://www.tenable.com/plugins/nessus/104771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1308.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104771);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-16837\");\n\n script_name(english:\"openSUSE Security Update : tboot (openSUSE-2017-1308)\");\n script_summary(english:\"Check for the openSUSE-2017-1308 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tboot fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-16837: Fix tbootfailed to validate a number of\n immutable function pointers, which could allow an\n attacker to bypass the chain of trust and execute\n arbitrary code (boo#1068390).\n\n - Make tboot package compatible with OpenSSL 1.1.0 for\n SLE-15 support (boo#1067229).\n\nBug fixes :\n\n - Update to new upstream version. See release notes for\n details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665;\n 1.8.3, FATE#318542) :\n\n - https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG\n\n - Fix some gcc7 warnings that lead to errors.\n (boo#1041264)\n\n - Fix wrong pvops kernel config matching (boo#981948) \n\n - Fix a excessive stack usage pattern that could lead to\n resets/crashes (boo#967441)\n\n - fixes a boot issue on Skylake (boo#964408)\n\n - Trim filler words from description; use modern macros\n over shell vars.\n\n - Add reproducible.patch to call gzip -n to make build\n fully reproducible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tboot packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tboot-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tboot-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tboot-20170711_1.9.6-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tboot-debuginfo-20170711_1.9.6-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tboot-debugsource-20170711_1.9.6-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tboot-20170711_1.9.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tboot-debuginfo-20170711_1.9.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tboot-debugsource-20170711_1.9.6-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tboot / tboot-debuginfo / tboot-debugsource\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-08T15:56:20", "description": "Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-16T02:29:00", "type": "cve", "title": "CVE-2017-16837", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2018-08-17T18:29:00", "cpe": ["cpe:/a:trusted_boot_project:trusted_boot:1.9.6"], "id": "CVE-2017-16837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16837", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:trusted_boot_project:trusted_boot:1.9.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:30:15", "description": "An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-08-17T18:29:00", "type": "cve", "title": "CVE-2018-6622", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6622"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:trustedcomputinggroup:trusted_platform_module:2.0"], "id": "CVE-2018-6622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6622", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2017-11-26T03:00:51", "description": "This update for tboot fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-16837: Fix tbootfailed to validate a number of immutable\n function pointers, which could allow an attacker to bypass the chain of\n trust and execute arbitrary code (boo#1068390).\n - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support\n (boo#1067229).\n\n Bug fixes:\n\n - Update to new upstream version. See release notes for details (1.9.6;\n 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542):\n * <a rel=\"nofollow\" href=\"https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG\">https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG</a>\n - Fix some gcc7 warnings that lead to errors. (boo#1041264)\n - Fix wrong pvops kernel config matching (boo#981948)\n - Fix a excessive stack usage pattern that could lead to resets/crashes\n (boo#967441)\n - fixes a boot issue on Skylake (boo#964408)\n - Trim filler words from description; use modern macros over shell vars.\n - Add reproducible.patch to call gzip -n to make build fully reproducible.\n\n", "cvss3": {}, "published": "2017-11-26T00:08:35", "type": "suse", "title": "Security update for tboot (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-16837"], "modified": "2017-11-26T00:08:35", "id": "OPENSUSE-SU-2017:3100-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00039.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16837"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851652", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851652\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-26 07:32:39 +0100 (Sun, 26 Nov 2017)\");\n script_cve_id(\"CVE-2017-16837\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tboot'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tboot fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-16837: Fix tbootfailed to validate a number of immutable\n function pointers, which could allow an attacker to bypass the chain of\n trust and execute arbitrary code (boo#1068390).\n\n - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support\n (boo#1067229).\n\n Bug fixes:\n\n - Update to new upstream version. See the referenced release notes for details (1.9.6\n 1.9.5, FATE#321510 1.9.4, FATE#320665 1.8.3, FATE#318542).\n\n - Fix some gcc7 warnings that lead to errors. (boo#1041264)\n\n - Fix wrong pvops kernel config matching (boo#981948)\n\n - Fix a excessive stack usage pattern that could lead to resets/crashes\n (boo#967441)\n\n - fixes a boot issue on Skylake (boo#964408)\n\n - Trim filler words from description use modern macros over shell vars.\n\n - Add reproducible.patch to call gzip -n to make build fully reproducible.\");\n\n script_tag(name:\"affected\", value:\"tboot on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3100-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"tboot-20170711\", rpm:\"tboot-20170711~1.9.6~4.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tboot-debuginfo-20170711\", rpm:\"tboot-debuginfo-20170711~1.9.6~4.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tboot-debugsource-20170711\", rpm:\"tboot-debugsource-20170711~1.9.6~4.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"tboot-20170711\", rpm:\"tboot-20170711~1.9.6~7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tboot-debuginfo-20170711\", rpm:\"tboot-debuginfo-20170711~1.9.6~7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tboot-debugsource-20170711\", rpm:\"tboot-debugsource-20170711~1.9.6~7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-27T14:18:15", "description": "Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not\nvalidated and can cause arbitrary code execution, which allows local users\nto overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these\nfunction pointers.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803180>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-16T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16837", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2017-11-16T00:00:00", "id": "UB:CVE-2017-16837", "href": "https://ubuntu.com/security/CVE-2017-16837", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-07T06:01:01", "description": "Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-16T02:29:00", "type": "debiancve", "title": "CVE-2017-16837", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16837"], "modified": "2017-11-16T02:29:00", "id": "DEBIANCVE:CVE-2017-16837", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16837", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "lenovo": [{"lastseen": "2018-09-25T17:22:20", "description": "**Lenovo Security Advisory**: LEN-20494\n\n**Potential Impact: **Local security-bypass\n\n**Severity:** Medium\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2018-6622\n\n**Summary Description:**\n\nLenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an attacker gains Windows administrator rights and then modifies the Windows kernel so it does not properly prepare the TPM for entering sleep (S3), the TPM may later wake in an error state with cleared PCRs. The BIOS does not detect and resolve this TPM error state, potentially allowing a local attacker to bypass security measures. \n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nLenovo recommends customers update their BIOS to at least the minimum version indicated for their model in the Product Impact section of this advisory.\n\n**Product Impact:**\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-09-13T19:29:00", "type": "lenovo", "title": "TPM 2.0 Sleep-Wake Error in BIOS Firmware - US", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6622"], "modified": "2018-09-13T19:30:46", "id": "LENOVO:PS500178-NOSID", "href": "http://support.lenovo.com/us/en/solutions/LEN-20494", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-11T16:37:25", "description": "**Lenovo Security Advisory**: LEN-20494\n\n**Potential Impact: **Local security-bypass\n\n**Severity:** Medium\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2018-6622\n\n**Summary Description:**\n\nLenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an attacker gains Windows administrator rights and then modifies the Windows kernel so it does not properly prepare the TPM for entering sleep (S3), the TPM may later wake in an error state with cleared PCRs. The BIOS does not detect and resolve this TPM error state, potentially allowing a local attacker to bypass security measures.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nLenovo recommends customers update their BIOS to at least the minimum version indicated for their model in the Product Impact section of this advisory.\n\n**Product Impact:**\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-07-26T16:56:00", "type": "lenovo", "title": "TPM 2.0 Sleep-Wake Error in BIOS Firmware - Lenovo Support NL", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6622"], "modified": "2020-03-13T20:24:14", "id": "LENOVO:PS500178-TPM-20-SLEEP-WAKE-ERROR-IN-BIOS-FIRMWARE-NOSID", "href": "https://support.lenovo.com/nl/nl/product_security/ps500178-tpm-20-sleep-wake-error-in-bios-firmware", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}]}

HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume

Description

Related