CVE-2022-0317
The CVE-2022-0317 issue affects go-attestation prior to 0.4.0. A local attacker can craft a malicious Quote with no/some PCRs that makes AKPublic.Verify succeed, then reuse the same PCR set in Eventlog.Verify to spoof TCG log events and defeat remotely-attested measured-boot. Public advisories (G...