Lucene search
K

13 matches found

OSV
OSV
added 2026/02/04 11:12 p.m.1 views

GHSA-4JVR-VJ2C-8Q37 EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

6.7CVSS5.3AI score0.0011EPSS
Exploits0References5
NVD
NVD
added 2026/01/13 4:16 p.m.11 views

CVE-2025-71077

In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2getpcrallocation does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm...

5.5CVSS0.00123EPSS
Exploits0References7
OSV
OSV
added 2025/12/01 8:49 p.m.8 views

CLSA-2025-1764614196 tpm2-tools: Fix of CVE-2024-29039

CVE-2024-29039: add comparison of pcr selection to prevent misleading picture of the TPM state...

9CVSS5.8AI score0.00984EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/12 8:45 p.m.1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...

9.3CVSS6.5AI score0.00134EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/12 8:45 p.m.1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...

9.3CVSS6.5AI score0.00134EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.5 views

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

6.1CVSS6.5AI score0.00733EPSS
Exploits0References1
NVD
NVD
added 2023/10/19 8:15 p.m.30 views

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

5.3CVSS4.9AI score0.00212EPSS
Exploits0References2
Prion
Prion
added 2023/10/19 8:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

2.1CVSS5.1AI score0.00733EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/19 12:0 a.m.19 views

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

6.3AI score0.00212EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/19 12:0 a.m.39 views

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

5.2AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 2023/09/21 3:30 p.m.3 views

GHSA-3WMX-9QWP-H363 Duplicate Advisory: EVE Doesn't Protect Config Partition with Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2021/10/20 7:20 a.m.78 views

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 CV...

6.1CVSS2.1AI score0.00733EPSS
Exploits0
OSV
OSV
added 2018/08/17 6:29 p.m.3 views

CVE-2018-6622

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group TCG Trusted Platform Module TPM 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can...

7.1CVSS5.8AI score0.00519EPSS
Exploits0References2
Rows per page
Query Builder